Casa > cibernético Notícias > CVE-2019-9019: British Airways Entertainment System Vulnerável
CYBER NEWS

CVE-2019-9019: British Airways Entertainment System Vulnerável

There’s hardly a day without a new vulnerability. CVE-2019-9019 is a security flaw in the British Airways Entertainment System which affects Boeing 777-36N (ER) and perhaps other aircraft, também. The vulnerability’s type is privilege escalation that is located in the component USB Handler.




CVE-2019-9019 Technical Overview

Here’s CVE-2019-9019 official description:

The British Airways Entertainment System, as installed on Boeing 777-36N(ER) and possibly other aircraft, does not prevent the USB charging/data-transfer feature from interacting with USB keyboard and mouse devices, which allows physically proximate attackers to conduct unanticipated attacks against Entertainment applications, as demonstrated by using mouse copy-and-paste actions to trigger a Chat buffer overflow or possibly have unspecified other impact.

As already mentioned the vulnerable entertainment system is installed on Boeing 777-36N(ER) , but other models may be affected as well. It should be noted that the attack is possible on a local level, with no form of authentication required for exploitation. No momento, there are neither technical details nor an exploit publicly available, pesquisadores de segurança dizer.

relacionado: [wplinkpreview url =”https://sensorstechforum.com/precision-agriculture-industry-cybersecurity-risks/”]Precision Industry Agricultura em Risco de Ameaças de Segurança Cibernética iminente

The current price for an exploit is around $5k-$25k (estimation calculated on 02/23/2019). The CVE-2019-9019 vulnerability is described as having a historic impact due to its background and reception.

Since there are no known countermeasures so far, a good idea may be to replace the affected system with an alternative product.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

It’s important to note that entertainment systems are crucial components in aviation, and they could be used as entry points for attackers in various scenarios. It’s not the first time vulnerabilities affecting aircraft are discovered. A couple of years ago, a security researcher uncovered vulnerabilities in Panasonic Avionics in-flight entertainment, known as IFE systems.

relacionado: [wplinkpreview url =”https://sensorstechforum.com/airbus-data-breach-personal-informaton/”]Airbus Dados Breach Exposed informações pessoais de funcionários europeus

The IFE systems are used by many airlines including United Airlines, American Airlines, Virgin Atlantic, and Air France. The vulnerabilities could allow attackers to control what passengers see and hear on their in-flight display.

Milena Dimitrova

Milena Dimitrova

Um escritor inspirado e gerente de conteúdo que está com SensorsTechForum desde o início do projeto. Um profissional com 10+ anos de experiência na criação de conteúdo envolvente. Focada na privacidade do usuário e desenvolvimento de malware, ela acredita fortemente em um mundo onde a segurança cibernética desempenha um papel central. Se o senso comum não faz sentido, ela vai estar lá para tomar notas. Essas notas podem mais tarde se transformar em artigos! Siga Milena @Milenyim

mais Posts

Me siga:
Twitter

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

limite de tempo está esgotado. Recarregue CAPTCHA.

Compartilhar no Facebook Compartilhar
Carregando...
Compartilhar no Twitter chilrear
Carregando...
Compartilhar no Google Plus Compartilhar
Carregando...
Partilhar no Linkedin Compartilhar
Carregando...
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Carregando...
Partilhar no StumbleUpon Compartilhar
Carregando...