Recently, security researchers Ian Carroll and Sam Curry uncovered a critical vulnerability in the login systems used by the Transportation Security Administration (TSA) to verify airline crew members at airport security checkpoints. This vulnerability allowed individuals with basic knowledge of SQL injection techniques to manipulate the systems and potentially gain unauthorized access to airline rosters.
Carroll and Curry found the vulnerability while investigating the third-party website of a vendor named FlyCASS, which provides smaller airlines with access to the TSA’s Known Crewmember (KCM) system and Cockpit Access Security System (CASS). Inserting a single apostrophe into the username field triggered a MySQL error, indicating that the username was interpolated directly into the login SQL query rather than passed as a bound parameter. This oversight enabled the researchers to execute SQL injection attacks and confirm the existence of the vulnerability using tools like sqlmap.
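The failure mode described above, reduced to a minimal added example (not code from FlyCASS or the researchers): a login query built by string concatenation breaks on a single apostrophe, while a parameterized query treats the same input as plain data. It assumes Python's sqlite3 as a stand-in for the MySQL backend; the table, columns, function names and sample row are constructed for illustration.

```python
import hashlib
import hmac
import sqlite3

def hash_pw(password):
    # Simplification for the demo: production code should use a salted KDF (e.g. scrypt).
    return hashlib.sha256(password.encode()).hexdigest()

def make_db():
    # Constructed sample data; sqlite3 stands in for the MySQL backend in the article.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT, airline TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("o'brien", hash_pw("correct horse"), "Example Air"))
    return db

def login_concatenated(db, username, password):
    # Vulnerable pattern: user input becomes part of the SQL text itself.
    query = ("SELECT airline FROM users WHERE username = '" + username +
             "' AND pw_hash = '" + hash_pw(password) + "'")
    try:
        row = db.execute(query).fetchone()
    except sqlite3.Error:
        # A quote in the input changed the statement's syntax. Log and alert on
        # this server-side; never echo the database error back to the client.
        return "sql_error"
    return "ok" if row else "denied"

def login_parameterized(db, username, password):
    # Hardened pattern: the SQL text is fixed and the username travels as a bound value.
    row = db.execute("SELECT pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return "denied"
    # Compare hashes in application code, in constant time.
    return "ok" if hmac.compare_digest(row[0], hash_pw(password)) else "denied"

if __name__ == "__main__":
    db = make_db()
    # A legitimate user whose name contains an apostrophe.
    print("concatenated :", login_concatenated(db, "o'brien", "correct horse"))
    print("parameterized:", login_parameterized(db, "o'brien", "correct horse"))
```

A database syntax error on the login path is itself a useful detection signal: with bound parameters it should never occur, so any occurrence in logs points to a query still being assembled from input.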
Upon successfully exploiting the vulnerability, Carroll and Curry were able to log in to FlyCASS as an administrator of Air Transport International by using specific SQL injection payloads as usernames and passwords. Once inside the system, they discovered that there were no additional checks or authentication mechanisms in place to prevent them from adding or modifying crew records and photos for any airline utilizing FlyCASS.
The ramifications of this security flaw are severe, as unauthorized individuals could feasibly add themselves to airline rosters, posing as legitimate crew members. This could potentially enable them to bypass security measures and gain entry into high-security areas, such as the cockpit of a commercial airplane. Additionally, the ability to present fake employee numbers at KCM security checkpoints could compromise the overall safety and integrity of airline operations.
The discovery of this vulnerability underscores the importance of robust security measures in safeguarding critical systems and sensitive information. As technology continues to advance, it is imperative that organizations remain vigilant in identifying and addressing potential vulnerabilities before they can be exploited by malicious actors. The swift action taken by Carroll and Curry to expose this flaw serves as a stark reminder of the constant threat posed by cybersecurity risks in today’s digital landscape.