Article 6QJP8 Researchers say a bug let them add fake pilots to rosters used for TSA checks

Researchers say a bug let them add fake pilots to rosters used for TSA checks

by
Wes Davis
from The Verge - All Posts on (#6QJP8)
VRG_ILLO_STK001_carlo_cadenas_cybersecurity_virus.0.jpg Illustration by Carlo Cadenas / The Verge

A pair of security researchers say they discovered a vulnerability in login systems for records that the Transportation Security Administration (TSA) uses to verify airline crew members at airport security checkpoints. The bug let anyone with a basic knowledge of SQL injection" add themselves to airline rosters, potentially letting them breeze through security and into the cockpit of a commercial airplane, researcher Ian Carroll wrote in a blog post in August.

Carroll and his partner, Sam Curry, apparently discovered the vulnerability while probing the third-party website of a vendor called FlyCASS that provides smaller airlines access to the TSA's Known Crewmember (KCM) system and Cockpit Access Security System (CASS). They found that...

Continue reading...

External Content
Source RSS or Atom Feed
Feed Location http://www.theverge.com/rss/index.xml
Feed Title The Verge - All Posts
Feed Link https://www.theverge.com/
Reply 0 comments