Contact Contact Us

Crashing In-Flight Entertainment System via USB Port
TRANSPORT INDUSTRY

The British Airways Entertainment System installed on Boeing 777-36N(ER) and possibly other aircraft, is vulnerable to a privilege escalation flaw tracked as CVE-2019-9019. The bug resides in the USB Handler component, which does not restrict the USB charging/data-transfer feature from interacting with the USB keyboard and mouse devices. A local unauthenticated attacker can therefore hack the entertainment applications such as using mouse copy-and-paste actions to trigger a Chat buffer overflow. There is no technical details or public exploit available at the time of report.

References:
[1] CVE-2019-9019 Affects British Airways Entertainment System on Boeing 777-36N(ER)
[2] CVE-2019-9019 (Mitre)

Ensign InfoSecurity Singapore
30A Kallang Place
#08-01
Singapore 339213

Tel: +65 6788 2882
Fax: +65 6788 3883