The Danger of Security Vulnerabilities in TSA Systems

Security researchers Ian Carroll and Sam Curry recently uncovered a major vulnerability in the login systems used by the Transportation Security Administration (TSA) to verify airline crew members at airport security checkpoints. This vulnerability allowed individuals with basic knowledge of SQL injection to insert themselves into airline rosters, potentially gaining unauthorized access to sensitive areas such as the cockpit of a commercial airplane.

Carroll and Curry found this vulnerability while exploring the third-party website of a vendor called FlyCASS, which provides smaller airlines with access to the TSA’s Known Crewmember (KCM) system and Cockpit Access Security System (CASS). By inserting a simple apostrophe into the username field, they were able to trigger a MySQL error, indicating that the username was directly incorporated into the login SQL query. This discovery allowed them to exploit SQL injection and confirm the issue using sqlmap.
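The failure mode described above, as an added example that is not FlyCASS code or the researchers' code: a login query built by string concatenation next to a parameterized one, with a regression check that a lone apostrophe never reaches the database as syntax. It assumes Python's built-in `sqlite3` as a stand-in for MySQL; the table, column and function names are hypothetical and the rows are constructed.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("jsmith", "hash-a"), ("o'brien", "hash-b")])
    return db

def login_concatenated(db, username, password_hash):
    # 'Before' form: the username is pasted into the SQL text, so any quote
    # character in it becomes part of the statement's syntax.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password_hash = '" + password_hash + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, username, password_hash):
    # Hardened form: placeholders keep both values out of the SQL text, so
    # the driver passes them to the engine strictly as data.
    sql = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return db.execute(sql, (username, password_hash)).fetchone() is not None

def quote_breaks_query(login, db):
    # Regression check: a lone apostrophe must be handled as an ordinary
    # (non-matching) username, never surface as a database error.
    try:
        login(db, "'", "x")
    except sqlite3.Error:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    print("concatenated query errors on apostrophe:",
          quote_breaks_query(login_concatenated, db))
    print("parameterized query errors on apostrophe:",
          quote_breaks_query(login_parameterized, db))
    # A legitimate username containing an apostrophe works only when bound.
    print("o'brien can log in (parameterized):",
          login_parameterized(db, "o'brien", "hash-b"))
```

The same check is worth keeping in a test suite for every form field that reaches a query, since a database error on a single quote is the earliest visible sign of this class of bug.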

Once Carroll and Curry gained access to the system, they found that there were no further checks or authentication methods in place to prevent them from adding crew records and photos for any airline utilizing FlyCASS. This lack of security measures meant that individuals exploiting the vulnerability could easily present a fake employee number to bypass KCM security checkpoints, posing a significant threat to airline security.

The implications of such a security vulnerability are grave, with the potential for unauthorized individuals to gain access to restricted areas within airports and onboard commercial airplanes. The ability to add fake crew members to airline rosters could also compromise the integrity of flight operations and pose serious safety risks to passengers and crew members alike.

This discovery underscores the critical importance of implementing robust security measures in all systems and platforms used by transportation authorities and airlines. Regular security audits, vulnerability assessments, and penetration testing are essential to identify and address potential weaknesses before they can be exploited by malicious actors.

The recent discovery of a security vulnerability in TSA systems serves as a stark reminder of the constant threats faced by the aviation industry. It is imperative that stringent security protocols be put in place to safeguard against such vulnerabilities and mitigate the risk of unauthorized access to critical airport and airline systems.
