I've read a couple of blog posts about the suspicion (or even confirmation) that some of the in-flight entertainment systems are using Linux. It's completely understandable that if you have to put 400+ such systems into a plane, you'd rather use free software for the economics of licensing costs.. imagine 400+ windows licenses :)
Now in any case, during my Taipei-Singapore flight enroute my trip back from OpenMoko headquarters to Berlin, I was amazed by the new big-screen entertainment systems that Singapore airlines is apparently using in some of their planes. This particular plane was a Boeing 777-300R. The screens are not the usual 4" or similar, but actually something like 10" - and that in economy class. Also, they're really high-res, and seem to be entirely controlled digital, i.e. no blurry PAL/NTSC or VGA resolution, but actually something on the order of (guessing) XGA.
The second unusual bit was the three connectors on the right hand side of the screen. Ethernet (!), USB host and composite video-in. I've never seen something similar in an airplane before.
Now unfortunately the system on my seat was stuck. I called the flight attendant, who then issued a remote system reset. To much of my surprise, I could soon see the BIOS boot screens of a VIA based embedded system. Afterwards, it executed RedBoot, followed by a Linux kernel, to be followed later by an X server (you could see the grey background pattern with the X cursor for quite some time), and then some custom X11 applications.
As the RedBoot message suggests, the system was implemented by Panasonic Avionics.
The first thing worth mentioning was the incredibly slow boot progress. They must be running those systems at low clock speed, and boot them over the network, even though the rootfs was ext2. I didn't see the details since I was too busy grabbing my camera to take this photograph.
The amazing thing about this system is that it has 512MB RAM per seat, dissipates a dangerous amount of heat (you can feel it getting very uncomfortably warm under that screen, where probably the entire system is located, similar to a "tablet PC" form-factor). Still, it is very slow. And then look at the details. Why on earth do you need a wifi stack and netfilter/iptables, including ip_conntrack on such a system inside the airplane? I severely doubt that they use packet filtering to prevent a hacker to get from one seat to another - and thus connection tracking adds anything aside a performance hit.
So what's it with those connectors? I couldn't get the Ethernet part. And for whatever reason, I didn't have a patch cable in my carry-on luggage either. Maybe the entertainment system might have been even more entertaining that way, who knows :(
The USB connector is meant for a user-provided USB memory stick, where you can then watch your own pictures, or use a word processor or spreadsheet to view / create / edit documents. The software used for this is - unsurprisingly - a customized version of StarWriter/StarCalc, based on OpenOffice.org. I've played a bit around with it. Using the controller, you can actually resize the window from full-screen to something smaller, but there's nothing interesting in the background. I've tried to see if one can somehow change the print command to "/bin/sh" and then print a document - but the printing functionality had been removed altogether, so no luck here.
I decided to sleep for the rest of the flight, rather than trying different attack vectors. If I run into such a system again, I'm probably quite tempted to do so again. Would be fund to get an entire plane full of Linux hackers (let's say: OLS attendees) and have them play around with it to see how well is is done from a security point of view. I guess the worst-case scenario is something like people connecting their USB hard drives (or laptops via Ethernet) and then ripping the entire entertainment library during the duration of a 12 hour intercontinental flight. I'd suppose they actually should have looked a fair bit at the security of such a system. But then, the same is true for many systems, and developers still neglect that aspect way too often.