Anyone Could Evade Airport Security Via SQL Injection Attack

Security researchers have uncovered a significant vulnerability in airport and flight cockpit security systems that could potentially be exploited by attackers. The vulnerability, specifically an SQL injection flaw, could allow attackers to bypass security checks at airports and gain unauthorized access to areas such as cockpits.
Researchers Demonstrate SQL Injection Bypass on Airport Security
In a recent demonstration, researchers Ian Carroll and Sam Curry shed light on a critical security flaw in airport security systems. They discovered how a malicious actor could exploit SQL injection vulnerabilities in the FlyCASS cockpit security system to bypass security checks.
FlyCASS is a web-based security system designed to help airlines verify the eligibility of crew members for cockpit access. It is commonly used by small airlines to comply with the Known Crewmember (KCM) program and Cockpit Access Security System (CASS) established by the Transportation Security Administration (TSA).
The researchers identified an SQL injection vulnerability on the FlyCASS login page, allowing attackers to inject malicious SQL queries into the crew members’ database. They also noted that additional authentication checks were lacking when adding new employees to the database. To validate their findings, they added a “Test” user account, which was immediately granted access to KCM and CASS privileges.
This vulnerability could potentially enable attackers to add unauthorized users to the KCM and CASS database, circumventing standard airport screening procedures.
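The two weaknesses described above (user input reaching the SQL text on the login page, and no further check when adding an employee) are shown here with their fixes in an added example; it is not FlyCASS code. The schema, account names, roles and function names are all assumptions made for illustration, using Python's built-in sqlite3.

```python
import hashlib, hmac, os, sqlite3

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    """Constructed in-memory schema and accounts (hypothetical, for the demo)."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE users(username TEXT PRIMARY KEY, salt BLOB, pw BLOB, role TEXT);"
        "CREATE TABLE crew(name TEXT, airline TEXT, added_by TEXT);")
    for user, pw, role in [("admin1", "s3cret-A", "airline_admin"),
                           ("o'brien", "s3cret-B", "viewer")]:
        salt = os.urandom(16)
        db.execute("INSERT INTO users VALUES (?,?,?,?)",
                   (user, salt, _kdf(pw, salt), role))
    return db

def lookup_concat(db, username):
    """'Before' form: the input is spliced into the SQL text, so a quote
    character in it is parsed as SQL syntax rather than as data."""
    q = "SELECT role FROM users WHERE username = '" + username + "'"
    return db.execute(q).fetchone()

def login(db, username, password):
    """Hardened form: the value is bound as a parameter and never parsed as SQL."""
    row = db.execute("SELECT salt, pw, role FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row and hmac.compare_digest(row[1], _kdf(password, row[0])):
        return {"user": username, "role": row[2]}
    return None

def add_crew(db, session, name, airline):
    """Write path: authorization is enforced server-side on every call."""
    if not session or session["role"] != "airline_admin":
        raise PermissionError("not allowed to add crew members")
    db.execute("INSERT INTO crew VALUES (?,?,?)", (name, airline, session["user"]))
```

A database syntax error triggered by an ordinary apostrophe in a login field, as `lookup_concat` produces for the constructed user `o'brien`, is a useful signal in testing and in logs that input is being concatenated into a query.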
Resolution of the Vulnerability
Upon discovering the vulnerability, the researchers promptly reported it to the Department of Homeland Security (DHS). The DHS acknowledged the report and took necessary actions. Subsequently, FlyCASS was disabled from the KCM/CASS system until the vulnerability was addressed.
Following the fix, the researchers did not receive further communication from the DHS regarding the vulnerability disclosure. Additionally, they received a statement from TSA denying the existence of the exploit. However, the researchers maintain their findings and warn of potential attack scenarios targeting KCM/CASS checks.