Norwegian Air, playing with VOD system

Overview

This post is excerpted from the talk presented at the CyberSecurity Meetup Helsinki, about vulnerabilities and bad implementations in several products.

After trying to contact Norwegian in multiple times receiving no response, and as there is nothing related to aviation safety, it was decided to publish this article.

Analisys

On a trip to London, by chance something interesting was discovered and decided to play a bit with the entertainment system, based on a WIFI to which the user terminals, mobile, tablets, laptops are connected…

Once the plane takes off, and light off the “belted seat” Norwegian WIFI starts working on the aircraft. Then, the captive portal home page will display flight information and entertainment options.

In the main menu, we can see many options, most of them for free… others like the movies are not free, at the moment 🙂

We have information about the flight:

The map position of the aircraft:

Series… just a chapter of each, not useful for long trips:

And movies… many films, some of them new, and some very very old, but at a price of 5 €:

Startied to look at the source code while watching an episode of a documentary, and a nice URL was found:

Game over! In addition to obtain the folder URL, this is wide opened, and it is possible to display the video directly from the file m3u8 and can also browse other content.

But let’s see if we can also access premium content such as movies, for example Tokarev, whose code in the URL is 4149:

Bingo! 🙂 We can enjoy with Nicolas Cage for free.

There is no need to pay for the film:

And so with all movies in the database… also to mention that it would be possible to download the splitted files of the movie, they are stored in the dropf_code_ * folder, but for lack of time and tools the analysis was stopped at that point.

Back