Endpoint Protection

With the airline industry being as competitive as it is, many of today's airlines are in the process of implementing lavish in-flight entertainment systemsthat offer a wide range of options including TV, movies, music andgames. Gone are the days where they tossed you cheap headphones wrappedin plastic and that was it. Of course, to deliver all this rich mediacontent, the underlying embedded systems need to have the power todeliver, so it’s no surprise that several are running on Linux.

Coincidentally, I just put up a rant…er, commentary… around embedded systems securityand how it seems to be down there in the priority list with poshchocolate biscuits and free soda. While we're all waiting for such thisutopia to arrive, in the meantime, I can think I can safely predict thefollowing events once this service is launched:

a) Someone on a flight finds a software crash
b) First email to full disclosure
c) On a 12 to 14 hour flight, some enterprising young chap develops an exploit
d) Second email to full disclosure

Thebug is going to be in something like Star Office, a USB driver/stack orsome other component which takes external content (as full attacksurfaces won’t be apparent until launch). From there, details will bewritten up, Black Hat and SysCanpresentations will be given, and the affected airlines will be saddledwith a problem which is expensive, time consuming and a bit of a painto fix.

Or I could be completely wrong and best practices will be followed:

a) The systems are completely locked down using all the technologies available to them such as SELinux and ExecShield
b) They are deployed following industry best defense-in-depth practices
c) The main server is protected from the terminals by a strict firewall

WhileI hope it’s the second scenario, I fear that it’ll be the first – whichis unfortunate, since it really doesn’t have to happen this way. So,here’s to hoping that the developers have learned from others’ mistakesand everything is clear skies ahead. Until next time, remember Stop! Look! Listen! Think! before you cross the Internet super highway. And remember, enjoy your flight!