With the airline industry being as competitive as it is, many of today's airlines are in the process of implementing lavish in-flight entertainment systemsthat offer a wide range of options including TV, movies, music andgames. Gone are the days where they tossed you cheap headphones wrappedin plastic and that was it. Of course, to deliver all this rich mediacontent, the underlying embedded systems need to have the power todeliver, so it’s no surprise that several are running on Linux.
Coincidentally, I just put up a rant…er, commentary… around embedded systems securityand how it seems to be down there in the priority list with poshchocolate biscuits and free soda. While we're all waiting for such thisutopia to arrive, in the meantime, I can think I can safely predict thefollowing events once this service is launched:
a) Someone on a flight finds a software crashb) First email to full disclosurec) On a 12 to 14 hour flight, some enterprising young chap develops an exploitd) Second email to full disclosure
a) The systems are completely locked down using all the technologies available to them such as SELinux and ExecShieldb) They are deployed following industry best defense-in-depth practicesc) The main server is protected from the terminals by a strict firewall