Airlines: Passengers' DATA is at RISK

Hello Everyone!!!

Welcome back to Dark Street Hackers where we believe in spreading knowledge and awareness in the field of Cyber Security. Today we are going to talk about security risks in the department of Airlines.

It has been observed that multiple airlines do not encrypt e-ticket booking system, they are leaving customers' personal data open for the taking….!!!

Researchers have found that multiple airlines not using adequate encryption with an airline check-in system and booking system. This flaw could allow a good actor to change in booking details or boarding pass on the same network.

A security expert at wandera found that eight airlines 'Southwest, Air France, KLM, Transavia, Jetstar, Vueling, Air Europa and Thomas Cook' have been sending some unencrypted check-in links through their e-ticketing system. 

These airlines send an unencrypted link to passengers and when passengers clicking on these links they are automatically switched on to the link where they are logged in to the check-in for their flight, and in certain cases, they allow to make some changes to their booking and print off the boarding pass. At the same time, this flow allows a hacker to gain access to the passenger online check-in and allow to make changes in it.

A good hacker could then view all of the personal data of passengers belong to airline booking including full name, frequent traveller number, confirmation number. Using these credentials, the attacker able to visit the e-ticketing system before the flight takes off and get access to all the personal identifiable information (PII) associated with airline booking.

That PII includes document number (passport ID) and expiration date, flight numbers and times, email, name, boarding passes and even seat assignments. Hacker could also remove or add extra bugs, change allocated seats and change the email associated with the booking and also mobile number.

However, all Airline assure that they take care of the security of their customer’s data very seriously and investigated this matter as a higher level of priority. They have looked into the questions raised and take immediate action to further the security of customer data.

Stay safe Stay Tune!!!

Thank you for your time and stay connected with Dark Street Hackers for more and more interesting articles.