Airline Wi-Fi device vulnerabilities pose hacking risk for passengers

SecurityWeek reports that two new security vulnerabilities have been identified in Contec's Flexlan FX3000 and FX2000 wireless LAN devices commonly used in airplanes, which could place passengers at risk for hacking if exploited. Attackers could leverage the first flaw, tracked as CVE-2022-36158, to facilitate Linux command execution on devices with root privileges, noted Necrum Security Labs researchers Thomas Knudsen and Samy Younsi. "From here we had access to all the system files but also be able to open the telnet port and have full access on the device," researchers said. Meanwhile, the second bug, tracked as CVE-2022-36159, could be exploited to enable device takeovers. Both vulnerabilities could be abused by airline passengers to exfiltrate other passengers' data or enable malware delivery to their devices, according to Younsi. "We can imagine a scenario where a malicious actor can spoof the HTTPS traffic by uploading his own certificate in the router to see all requests in clear text. Another scenario would be to redirect the traffic to a malicious APK or iOS application to infect the mobile phone of each passenger," Younsi added. Contec has already addressed both flaws in firmware versions 1.16.00 and 1.39.00 for the FX3000 and FX2000 devices, respectively.