Researchers say a bug let them add fake pilots to rosters used for TSA checks
Deprecated: mb_convert_encoding(): Handling HTML entities via mbstring is deprecated; use htmlspecialchars, htmlentities, or mb_encode_numericentity/mb_decode_numericentity instead in /home/u333346598/domains/thebulletin.tech/public_html/wp-content/plugins/insert-headers-and-footers/includes/class-wpcode-snippet-execute.php(411) : eval()'d code on line 18
Estimated reading time: 1 minutes
Illustration by Carlo Cadenas / The Verge
A pair of security researchers say they discovered a vulnerability in login systems for records that the Transportation Security Administration (TSA) uses to verify airline crew members at airport security checkpoints. The bug let anyone with a “basic knowledge of SQL injection” add themselves to airline rosters, potentially letting them breeze through security and into the cockpit of a commercial airplane, researcher Ian Carroll wrote in a blog post in August.
Carroll and his partner, Sam Curry, apparently discovered the vulnerability while probing the third-party website of a vendor called FlyCASS that provides smaller airlines access to the TSA’s Known Crewmember (KCM) system and Cockpit Access Security System (CASS). They found that…
About The Author
