Serious security gap uncovered at airports
The well-known security researchers Ian Carroll and Sam Curry have uncovered serious vulnerabilities in FlyCASS, a web-based management system that smaller airlines use to administer the Known Crewmember (KCM) program and the Access Security System (CASS).
The KCM program allows authorized flight personnel to bypass regular security checks at airports, while CASS regulates access to the cockpit of aircraft. The vulnerability discovered by the researchers is a SQL injection flaw that allows hackers to log in as administrators, after which any person can be added as a KCM or registered in CASS. In practice, this could allow unauthorized persons to bypass security checks and even get into the cockpit of an aircraft. FlyCASS is mainly used by US airlines. It is unclear whether European airlines are also affected.
FlyCASS has now been switched off
Following their alarming discovery, Carroll and Curry informed the US Department of Homeland Security (DHS) on April 24, 2024. A day later, the department confirmed that it was looking for a solution. FlyCASS was shut down on July 5, 2024, meaning the vulnerability persisted for more than two months after the DHS was notified.