1 min read

WiFi Access Points in Planes Are Vulnerable to Attacks, Researchers Find

Silviu STAHIE

September 26, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
WiFi Access Points in Planes Are Vulnerable to Attacks, Researchers Find

Security researchers have identified a few vulnerabilities in WiFi access points from Contec that are used primarily on airplanes, allowing attackers to take over devices with root privileges.

Like in any other situation, the Internet is provided in planes through access points that follow the same rules as a similar device on the ground. And, just like any other device, they face the same security challenges and are prone to problems.

Security researchers from Necrum Security Labs discovered a couple of vulnerabilities that allowed them to take over the WiFi access points from the FLEXLAN FXA2000 and FXA3000 series.

“After performing a reverse engineering of the firmware we discovered that a hidden page not listed in the Wireless LAN Manager interface allows to execute Linux commands on the device with root privileges,” explained the researchers regarding the CVE-2022-36158 vulnerability. “From here we had access to all the system files but also be able to open the telnet port and have full access on the device.”

The second vulnerability revealed another major problem for the devices. Manufacturers reserved the root account and used the same password for all devices. Security researchers managed to brute-force the credentials, which essentially meant they theoretically had direct access to all devices.

“The problem is that the owner of the device is only able to change the password for the account user from the web administration interface, because the root account is reserved for Contec, probably for maintenance purposes,” the security researchers said of CVE-2022-36159. “This means an attacker with the root hard coded password can access all FXA2000 series and FXA3000 series devices.”

Contec developers have already released a firmware upgrade for both the FX2000 and FX3000 series, as this is the only way to fix all security issues.

tags


Author



Right now

Top posts

How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Some Phone Manufacturers Didn't Implement Vital Security Patch for ARM Mali GPU, Google Researchers Find Some Phone Manufacturers Didn't Implement Vital Security Patch for ARM Mali GPU, Google Researchers Find
Silviu STAHIE

November 29, 2022

1 min read
Apple Users Report Seeing Other People's Photos When Using iCloud for Windows Apple Users Report Seeing Other People's Photos When Using iCloud for Windows
Silviu STAHIE

November 25, 2022

1 min read
How SIM Swapping Attacks Work and How to Protect Yourself How SIM Swapping Attacks Work and How to Protect Yourself
Filip TRUȚĂ

November 25, 2022

3 min read