E-ticketing system exposes airline passengers’ personal information via email

At least eight airlines, including Southwest, use e-ticketing systems that could allow hackers to access sensitive information about travelers merely by intercepting emails, according to research published Wednesday by the mobile security company Wandera. The systems fail to secure customers’ personally identifiable information, including names, boarding passes, passport numbers and flight numbers, Wandera said. The email vulnerabilities still exist, Wandera found, even though researchers notified affected companies weeks ago, and despite growing corporate awareness about the risks associated with sacrificing security for convenience. The weakness is a check-in link that is emailed to customers, Wandera researchers found. Customer information is embedded in the links, allowing travelers to travel from their email to a website where they check in for a flight without needing to enter their username and password. However the links are unencrypted and re-usable, presenting a tempting target for hackers, according to Michael Covington, vice president of product at Wandera. […]

The post E-ticketing system exposes airline passengers’ personal information via email appeared first on CyberScoop.

Continue reading E-ticketing system exposes airline passengers’ personal information via email

In-flight satellite comms vulnerable to remote attack, researcher finds

IOActive’s researcher Ruben Santamarta is the sort of person anyone interested in computer security would probably enjoy sitting next to on a long flight. Take the journey he made last November between Madrid and Copenhagen on Norwegian during which (n… Continue reading In-flight satellite comms vulnerable to remote attack, researcher finds