Airbus Navblue Flysmart LPC-NG issues

Researchers found that Airbus Navblue FlySmart LPC-NG (L5.2.3, Windows EFB v17.03) used plaintext performance/airport databases without cryptographic integrity checks, allowing an attacker with local EFB access or access to the update supply chain to alter takeoff and landing performance inputs, potentially leading to runway overruns or CFIT. Airbus initially declined to treat it as a security issue and cited operator mitigations, but after EASA’s involvement the vulnerability was fixed; recommended mitigations include cryptographic signing (PKI) or HMAC for data integrity and consistent EFB hardening.