Linux crash on a Plane!

I don’t travel nearly as as much as I used to, yet when I do I always keep a sharp eye out for the technical glitches in devices around me in travel environments. What can I say? It provides me endless amusement.

Linux crash plane

While Linux boxes crashing in airlines’ on-board entertainment systems are nothing new, and several photos exist on the Internet depicting these crashes, I’m seeing something different these days…

On my way back from ph-neutral security conference in Berlin, I took a Continental 757 back to the US and observed the passenger entertainment system headrest in the row in front of me was frozen on the the movie selection GUI. The passenger in that seat asked the flight attendant to fix the problem and the headrest PC was rebooted from somewhere up front.

So, the funny (and a bit scary perhaps) bit is the screenshot I took of the reboot process. You can see the very high resolution photo here:

Observations from the linux crash on a plane photo:

1. 172.17.X.X private IP address range

2. FTP server IP address and transfer of system log tarball to the FTP server…user is “xxxxx” — imagine what the password might be…

Some reasonable concerns:

1. Tilting up the headrest PC and peeking behind it I saw CAT-5 cable. With a small tool or hands, and big cajones, an attacker *could possibly* unplug that cable and attach it to a laptop and hop onto the entertainment network. In addition, with some imagination and the right tools, an attacker could feasibly take over some or all aspects of the headrest PCs, including perhaps the sniffing of credit cards used by patrons, or even adding some specialized content…

2. This aircraft did not have on-board wireless Internet access, but I suspect that some airlines offering this service could have network crossover connectivity to different subnets, or perhaps only relying on VLANs for separation.

In the end, we can only hope that of the several networks likely running on a modern passenger jet, that true air-gapping is taking place and these systems are in no way connected to critical on-board networks. Time will tell if this is indeed the case. In the meantime, keep an eye out for those Linux boxes crashing on planes!

4 thoughts on “Linux crash on a Plane!

  1. Rick

    I think that syntax is user:pass@server. So the user is “ftpenglog” and the password is “xxxxx”. So it is worse than you thought, or maybe that “xxxxx” is obfuscating the actual password.

    For the moment the FAA is requiring entertainment systems to be wired seperatly from control systems. They’re worried about power spiking, or radio signals, and not information security, so we’ll see how long it lasts.

  2. john

    sounds to me like you are making a lot of HUGE assumptions in this post.

    first of all, is this a “crash” or did they just restart the inflight media.. because ive seen that happen a lot of times and all the systems reboot – it doesnt look like there is any fatal error.

    second, i appreciate you are coming back from a security conference and have visions of all the possible holes. Regarding the credit card readers – i dont even see one in that headrest.

    “in the end, we can only hope that of the several networks likely running on a modern passenger jet” .. yes this is about all we can get from this post that isnt complete conjecture.

  3. shawnmer


    Thanks for the comments. To address some of your assumptions…

    Imho, it was a crash, in the sense that this particular headrest PC froze twice, and the passenger requested help, which then prompted the flight attendant to reboot the PC. Since the screen was frozen, I couldn’t deduce (or conjecturize 😉 what the root cause actually was.

    Regarding the credit card readers, that bottom slot you see in the picture is where it is. Each headrest PC has that CC reader for the passenger to swipe his credit card from left to right. It’s there dude.


  4. shawnmer


    Nice catch on the FTP user:pass syntax; thank you for the correction!

    That’s good to hear about FAA regulations.


Comments are closed.