In a shocking revelation, security researchers Ian Carroll and Sam Curry have uncovered a critical vulnerability in the login systems used by the Transportation Security Administration (TSA) to verify airline crew members at airport security checkpoints. The bug, which allowed individuals with basic knowledge of SQL injection to manipulate the system, posed a serious threat to airline security.
Carroll and Curry stumbled upon the vulnerability while investigating the third-party website of a vendor named FlyCASS, which provides access to the TSA’s Known Crewmember (KCM) system and Cockpit Access Security System (CASS) for smaller airlines. By inserting a simple apostrophe into the username field, they were able to trigger a MySQL error, indicating that the username was being directly inserted into the login SQL query. This allowed them to exploit the SQL injection flaw using tools like sqlmap.
Upon gaining access to FlyCASS as an administrator of Air Transport International using the credentials ‘‘ or ‘1’=’1’ and ‘‘) OR MD5(‘1’)=MD5(‘1’, Carroll and Curry found that there were no further checks or authentications in place to prevent them from adding fraudulent crew records and photos for any airline using the system. This meant that unauthorized individuals could potentially bypass security checkpoints using fake employee numbers.
The implications of this security vulnerability are deeply concerning, as it highlights the potential for malicious actors to exploit weaknesses in airline systems and gain unauthorized access to restricted areas within airports. The ability to manipulate crew records and photos poses a significant risk to the safety and security of commercial air travel.
It is imperative that the TSA and airlines take immediate action to address this vulnerability and strengthen the security measures in place to protect against similar threats in the future. Regular security audits, enhanced authentication protocols, and continuous monitoring of system logs are essential to prevent unauthorized access and protect the integrity of airline operations.
The discovery of this security vulnerability in the TSA’s login systems underscores the critical importance of robust cybersecurity practices in the aviation industry. By identifying and addressing vulnerabilities proactively, stakeholders can mitigate risks and safeguard against potential threats to airline security.