- The vulnerability resides in the USB handler component of the Entertainment System.
- Apart from triggering a buffer overflow, the flaw can also cause the application to crash.
A critical vulnerability has been discovered in the British Airways Entertainment System. The flaw in the question is a privilege escalation vulnerability and resides in the USB handler component of the Entertainment System.
What is the issue - Tracked as CVE-2019-9019, the security flaw affects all the British Airways Entertainment Systems installed on Boeing 777-36N(ER) and possibly other aircraft.
According to the entry in the CVE database maintained by MITRE, the British Airways Entertainment System does not prevent the USB charging/data-transfer feature from interacting with the USB keyboard and mouse devices. This, in turn, can allow attackers in proximity to conduct unwanted attacks against the Entertainment applications. The flaw can even trigger a chat buffer overflow or possibly have unknown other impacts.
Why it matters - Apart from triggering a buffer overflow, the flaw can also cause the application to crash. While a remedy for the issue is yet to be released, researchers have cited the future scope of the flaw for the attackers.
Explaining it further, Hector Marco Gisbert, an Associate Professor in Cybersecurity and Networks at the University of the West of Scotland, said, “Performing this attack using only the mouse it would have taken quite some time and much more to create a working payload to execute code. Note that we are limited to use ASCII printable characters in our byte-for-byte attack, which introduces a challenge to guess the next byte and to create a working ROP attack.”