Connect with us

Hi, what are you looking for?

Gain That FlavourGain That Flavour

Tech News

Researchers say a bug let them add fake pilots to rosters used for TSA checks

A collection of warning signs, bugs, and notifications emulating malware or a cyber attack. The images are placed in a connected web against a blue background.
Illustration by Carlo Cadenas / The Verge

A pair of security researchers say they discovered a vulnerability in login systems for records that the Transportation Security Administration (TSA) uses to verify airline crew members at airport security checkpoints. The bug let anyone with a “basic knowledge of SQL injection” add themselves to airline rosters, potentially letting them breeze through security and into the cockpit of a commercial airplane, researcher Ian Carroll wrote in a blog post in August.

Carroll and his partner, Sam Curry, apparently discovered the vulnerability while probing the third-party website of a vendor called FlyCASS that provides smaller airlines access to the TSA’s Known Crewmember (KCM) system and Cockpit Access Security System (CASS). They found that…

Continue reading…

You May Also Like

Editor's Pick

Michael F. Cannon President Joe Biden has touted how the Inflation Reduction Act (IRA) gives Medicare the power to negotiate lower drug prices. He...

Editor's Pick

Adam N. Michel Tax policy has taken on an outsized role in this year’s presidential campaign and was mentioned repeatedly in the recent presidential...

Editor's Pick

Jennifer J. Schulp American financial privacy has been in steady decline for more than 50 years. Regulatory frameworks, such as the Bank Secrecy Act and...

Editor's Pick

David Inserra Statement from David Inserra, a fellow for free expression and technology at the Cato Institute: Brazilian courts have now formally threatened to...