Adrian Johnson
TLDR: Researchers Find SQL Injection to Bypass Airport TSA Security Checks
In a recent discovery, security researchers found a vulnerability in a key air transport security system that allowed unauthorized individuals to potentially bypass airport security screenings and gain access to aircraft cockpits. The researchers discovered that FlyCASS, a third-party web-based service used by some airlines, was susceptible to SQL injection, enabling attackers to insert malicious database queries. By exploiting this flaw, they were able to manipulate employee data within the system and grant access to skip security screenings and access cockpit areas.
After detecting the vulnerability, the researchers immediately contacted the Department of Homeland Security (DHS) on April 23, 2024. The FlyCASS system was disconnected from the KCM/CASS system as a precautionary measure and the vulnerability was subsequently fixed. Despite efforts to coordinate a safe disclosure, the researchers faced resistance from the DHS and TSA, who denied the vulnerability’s impact. Following the report, additional security breaches were discovered, highlighting the severity of the issue.
The researchers’ findings shed light on the importance of addressing vulnerabilities in critical security systems to prevent potential threats and ensure the safety of air transport operations.
