In a recent discovery made by security researchers Ian Carroll and Sam Curry, a critical vulnerability was found in the login systems of the Transportation Security Administration (TSA). This vulnerability allowed individuals with basic knowledge of SQL injection to add themselves to airline rosters, potentially gaining unauthorized access to secure areas within airports and even onto commercial airplanes.
Carroll and Curry stumbled upon this vulnerability while exploring the third-party website of a vendor known as FlyCASS. FlyCASS provides smaller airlines with access to the TSA’s Known Crewmember (KCM) system and Cockpit Access Security System (CASS). Through their investigation, they found that by inserting a simple apostrophe into the username field, they triggered a MySQL error. This indicated that the username was being directly inserted into the login SQL query, making it vulnerable to SQL injection attacks.
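The flaw class described above, shown as an added example rather than FlyCASS's actual code: a login query built by string concatenation next to a parameterized one. It assumes SQLite as an offline stand-in for MySQL, and the table, column and account names are hypothetical.

```python
import hashlib
import hmac
import sqlite3

def _hash(password):
    # Plain SHA-256 keeps the example short; use a password KDF in practice.
    return hashlib.sha256(password.encode()).hexdigest()

def make_db():
    # Constructed sample data; schema and account are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("crew_admin", _hash("correct horse")))
    return db

def login_concatenated(db, username, password):
    """Flawed pattern: the username becomes part of the SQL text itself."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND pw_hash = '" + _hash(password) + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, username, password):
    """Hardened: the username is bound as a value and never parsed as SQL."""
    row = db.execute("SELECT pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[0], _hash(password))

def outcome(login_fn, db, username, password):
    """Classify an attempt; 'db-error' is the signal worth alerting on."""
    try:
        return "granted" if login_fn(db, username, password) else "denied"
    except sqlite3.Error:
        # Input that changes the query's syntax surfaces as a database error.
        return "db-error"

if __name__ == "__main__":
    db = make_db()
    for name in ("crew_admin", "o'brien"):  # second name contains an apostrophe
        print(name,
              outcome(login_concatenated, db, name, "correct horse"),
              outcome(login_parameterized, db, name, "correct horse"))
```

A database error caused by an ordinary apostrophe, as in the concatenated version, means input is reaching the SQL parser; the parameterized version treats the same input as a plain non-matching username.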
Upon further testing, Carroll and Curry were able to confirm the presence of the SQL injection vulnerability using a specific username and password combination. By logging in as an administrator for Air Transport International on FlyCASS, they were able to bypass any checks or authentication measures in place. This allowed them to add crew records and photos for any airline utilizing FlyCASS without any restrictions.
The implications of this security vulnerability are severe. Individuals exploiting this flaw could potentially present fake employee numbers to gain access through KCM security checkpoints, posing a significant threat to airline security. The lack of proper authentication and oversight on FlyCASS’s platform made it easy for unauthorized individuals to manipulate the system and gain access to sensitive airline information.
This discovery underscores the importance of robust cybersecurity measures in all systems, especially those handling sensitive information such as airline crew verification. The TSA and other regulatory bodies must work closely with vendors to ensure that vulnerabilities like these are identified and addressed promptly to prevent potential security breaches. It serves as a reminder that constant vigilance and proactive security measures are essential in safeguarding critical infrastructure and data from malicious actors.