Transport

Crashing In-Flight Entertainment System via USB Port

19 – 26 February 2019

The British Airways Entertainment System installed on Boeing 777-36N(ER) and possibly other aircraft, is vulnerable to a privilege escalation flaw tracked as CVE-2019-9019.
Cyber_News_Transport
The British Airways Entertainment System installed on Boeing 777-36N(ER) and possibly other aircraft, is vulnerable to a privilege escalation flaw tracked as CVE-2019-9019. The bug resides in the USB Handler component, which does not restrict the USB charging/data-transfer feature from interacting with the USB keyboard and mouse devices. A local unauthenticated attacker can therefore hack the entertainment applications such as using mouse copy-and-paste actions to trigger a Chat buffer overflow. There is no technical details or public exploit available at the time of report. 

References:
[1] CVE-2019-9019 Affects British Airways Entertainment System on Boeing 777-36N(ER)
[2] CVE-2019-9019 (Mitre)
 
 
 
 
 
 
 
 
 

More Weekly Cyber Newsanalysis and insights

Ensign Consulting

Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.​

Ensign Solutioning

Architecting and implementing cybersecurity solutions that bolster defences

Ensign Managed Security Services

Managing your security operations for advanced threat detection, continuous monitoring, and triage services

Ensign Labs

Performing deep research to analyse vulnerabilities, deploy advanced threat hunting and provide cyber threat intelligence