Connect with us

Hi, what are you looking for?

Tech News

Researchers say a bug let them add fake pilots to rosters used for TSA checks

A collection of warning signs, bugs, and notifications emulating malware or a cyber attack. The images are placed in a connected web against a blue background.
Illustration by Carlo Cadenas / The Verge

A pair of security researchers say they discovered a vulnerability in login systems for records that the Transportation Security Administration (TSA) uses to verify airline crew members at airport security checkpoints. The bug let anyone with a “basic knowledge of SQL injection” add themselves to airline rosters, potentially letting them breeze through security and into the cockpit of a commercial airplane, researcher Ian Carroll wrote in a blog post in August.

Carroll and his partner, Sam Curry, apparently discovered the vulnerability while probing the third-party website of a vendor called FlyCASS that provides smaller airlines access to the TSA’s Known Crewmember (KCM) system and Cockpit Access Security System (CASS). They found that…

Continue reading…

You May Also Like

Politics

President Joe Biden held the floor for an impromptu Q&A session Friday afternoon during the White House press briefing, where he claimed Vice President Kamala...

Tech News

Hedging one’s bets, I suppose. | Photo by Gregg DeGuire/Getty Images After the podcast where Ben Horowitz repeatedly congratulated himself for being brave enough...

Tech News

Garmins aren’t just multisport behemoths anymore. | Illustration by Will Joel / The Verge Garmin may be best known for its hardcore fitness watches,...

Tech News

You can get a great device for less than $500 these days if you know how to pick your priorities. | Image: The Verge...