Connect with us

Hi, what are you looking for?

Webinar Expert TeamWebinar Expert Team

Tech News

Researchers say a bug let them add fake pilots to rosters used for TSA checks

A collection of warning signs, bugs, and notifications emulating malware or a cyber attack. The images are placed in a connected web against a blue background.
Illustration by Carlo Cadenas / The Verge

A pair of security researchers say they discovered a vulnerability in login systems for records that the Transportation Security Administration (TSA) uses to verify airline crew members at airport security checkpoints. The bug let anyone with a “basic knowledge of SQL injection” add themselves to airline rosters, potentially letting them breeze through security and into the cockpit of a commercial airplane, researcher Ian Carroll wrote in a blog post in August.

Carroll and his partner, Sam Curry, apparently discovered the vulnerability while probing the third-party website of a vendor called FlyCASS that provides smaller airlines access to the TSA’s Known Crewmember (KCM) system and Cockpit Access Security System (CASS). They found that…

Continue reading…

You May Also Like

Editor's Pick

Romina Boccia Transparency and accessibility of information about federal spending are critical for equipping citizens to hold their representatives accountable. The Congressional Budget Office...

Editor's Pick

In this StockCharts TV video, Mary Ellen reviews the broader markets and highlights pockets of strength that are starting to trend higher. She also shares...

Editor's Pick

Adam N. Michel Tax policy has taken on an outsized role in this year’s presidential campaign and was mentioned repeatedly in the recent presidential...

Tech News

Starliner just after undocking from the ISS. | Screenshot: YouTube The Boeing Starliner spacecraft successfully completed its uncrewed flight back to Earth, NASA announced...