Recently, a pair of security researchers uncovered a critical vulnerability in the login systems used by the Transportation Security Administration (TSA) to verify airline crew members at airport security checkpoints. This vulnerability could potentially allow unauthorized individuals to add themselves to airline rosters, posing a serious security threat to commercial airplanes.
Ian Carroll and Sam Curry, the researchers behind this discovery, found the vulnerability while exploring the third-party website of a vendor called FlyCASS. This vendor provides smaller airlines with access to the TSA’s Known Crewmember (KCM) system and Cockpit Access Security System (CASS). By inserting a simple apostrophe into the username field, they were able to trigger a MySQL error, indicating that the username was being directly inserted into the login SQL query. This vulnerability allowed them to perform a SQL injection attack and gain unauthorized access to the system.
The Exploitation
Once inside the system, Carroll and Curry discovered that there were no additional security checks or authentication measures in place to prevent them from adding crew records and photos for any airline using FlyCASS. This means that individuals exploiting this vulnerability could potentially bypass security checkpoints by presenting a fake employee number, putting the safety of passengers and crew at risk.
The implications of this vulnerability are severe and far-reaching. It highlights the importance of regular security audits and assessments of systems that handle sensitive information, especially in critical industries like aviation. The fact that such a simple SQL injection attack could compromise a system responsible for verifying airline crew members underscores the need for robust security measures and protocols.
The discovery of this vulnerability in the TSA’s airline crew verification system serves as a stark reminder of the ever-present threats to cybersecurity. It is imperative for organizations to prioritize security and take proactive steps to identify and address vulnerabilities before they can be exploited by malicious actors. The collaboration between researchers like Carroll and Curry plays a crucial role in identifying and mitigating security risks, ultimately contributing to a safer and more secure digital environment.