A recent discovery by security researchers has revealed a critical vulnerability in the login systems used by the Transportation Security Administration (TSA) to verify airline crew members at airport security checkpoints. This vulnerability has the potential to allow unauthorized individuals to add themselves to airline rosters, gaining access to restricted areas of the airport and potentially even the cockpit of a commercial airplane.
The security researchers, Ian Carroll and Sam Curry, came across the vulnerability while investigating the third-party website of a vendor called FlyCASS. This vendor provides smaller airlines access to the TSA’s Known Crewmember (KCM) system and Cockpit Access Security System (CASS). By inserting a simple apostrophe into the username field, the researchers triggered a MySQL error, indicating that the username was being inserted directly into the login SQL query. This vulnerability allowed them to perform a SQL injection attack and gain unauthorized access to the system.
Once inside the system, Carroll and Curry found that there was no further authentication or check in place to prevent them from adding crew records and photos for any airline that uses FlyCASS. This means that an attacker could potentially create fake employee records and gain access to restricted areas within the airport, bypassing security checkpoints with a fake employee number.
The implications of this vulnerability are severe, as it could allow malicious actors to bypass critical security measures and gain access to sensitive areas within airports. In the worst-case scenario, an attacker could potentially gain access to the cockpit of a commercial airplane, posing a serious threat to the safety of passengers and crew.
The discovery of this vulnerability highlights the importance of rigorous security testing and constant monitoring of systems that handle sensitive information. It also serves as a reminder of the potential risks that come with third-party vendors and the importance of ensuring that proper security measures are in place to protect against unauthorized access. The TSA and airline industry must take immediate action to address this vulnerability and prevent any potential security breaches in the future.
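The login flaw described above comes down to how the username reaches the SQL statement. The following is an added example, not FlyCASS code: it uses Python's built-in sqlite3 as a stand-in for MySQL, and the table, column, user and function names are all assumptions made for illustration. It shows the concatenated lookup raising a SQL error on a username containing an apostrophe, next to a parameterized lookup that treats the same input as plain data.

```python
import hashlib
import hmac
import sqlite3

def make_db():
    """Constructed sample data: one user in an in-memory SQLite database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = b"constructed-salt"
    pw_hash = hashlib.pbkdf2_hmac("sha256", b"correct horse", salt, 100_000)
    db.execute("INSERT INTO users VALUES (?, ?, ?)", ("crew_admin", salt, pw_hash))
    return db

def lookup_vulnerable(db, username):
    """Pattern described on the page: username concatenated into the SQL text."""
    query = "SELECT salt, pw_hash FROM users WHERE username = '" + username + "'"
    return db.execute(query).fetchone()

def lookup_parameterized(db, username):
    """Hardened form: the driver binds username as data, never as SQL."""
    return db.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()

def login(db, username, password, lookup):
    """Verify a password against the stored PBKDF2 hash using the given lookup."""
    row = lookup(db, username)
    if row is None:
        return False
    salt, pw_hash = row
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, pw_hash)

def probe(db, lookup, username="o'brien"):
    """Regression check: a name containing an apostrophe must not alter the query."""
    try:
        login(db, username, "x", lookup)
        return "handled as data"
    except sqlite3.OperationalError as exc:
        return f"SQL error: {exc}"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable   :", probe(db, lookup_vulnerable))
    print("parameterized:", probe(db, lookup_parameterized))
```

A check like `probe` fits in a test suite for any login form: a legitimate surname with an apostrophe should produce a normal failed login, never a database error.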