Security researchers Ian Carroll and Sam Curry recently discovered a critical vulnerability in the Transportation Security Administration’s (TSA) Known Crewmember (KCM) system. This vulnerability allowed individuals with basic knowledge of SQL injection to add themselves to airline rosters, potentially granting them access to security checkpoints and even the cockpit of a commercial airplane.
The Discovery
Carroll and Curry stumbled upon this flaw while investigating a third-party vendor website called FlyCASS, which provides smaller airlines with access to the TSA’s KCM system and Cockpit Access Security System (CASS). By inputting a simple apostrophe into the username field, they received a MySQL error indicating that the username was directly inserted into the login SQL query. This glaring vulnerability allowed them to exploit the system using tools like sqlmap, ultimately gaining administrator access to Air Transport International through a crafted username and password.
Once inside, Carroll noted that there were no additional checks or authentication measures in place to prevent them from adding crew records and photos for any airline using FlyCASS. This meant that anyone exploiting the vulnerability could easily falsify employee credentials and bypass KCM security checkpoints, posing a serious threat to airline security and passenger safety.
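The apostrophe behaviour described above, as an added example that is not FlyCASS code or the researchers' own: a login lookup built by string concatenation raises a database error on a lone apostrophe, while the parameterized form treats the same input as plain data. It assumes Python's sqlite3 as a stand-in for the MySQL backend; the table, account and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

# Assumption: sqlite3 stands in for MySQL; schema and account are constructed.

def hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("crew_admin", salt, hash_pw("constructed-pass", salt)))
    return db

def login_concatenated(db, username, password):
    """Pattern the error message pointed to: input pasted into the SQL text."""
    query = "SELECT salt, pw_hash FROM users WHERE username = '" + username + "'"
    row = db.execute(query).fetchone()  # a lone ' alters the statement itself
    return bool(row) and hmac.compare_digest(row[1], hash_pw(password, row[0]))

def login_parameterized(db, username, password):
    """Hardened form: the driver binds the value, so it is never parsed as SQL."""
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    return bool(row) and hmac.compare_digest(row[1], hash_pw(password, row[0]))

def probe(login, db, username, password="x"):
    """Classify the outcome the way a tester or a log monitor would."""
    try:
        return "accepted" if login(db, username, password) else "rejected"
    except sqlite3.Error:
        # The signal seen in the username field; log it server-side and
        # return a generic failure instead of echoing it to the client.
        return "sql-error"

if __name__ == "__main__":
    db = make_db()
    for name in ("crew_admin", "'", "o'brien"):
        print(repr(name),
              probe(login_concatenated, db, name),
              probe(login_parameterized, db, name))
```

A legitimate surname such as o'brien also breaks the concatenated query, which is why database syntax errors on login endpoints are worth alerting on even without any attack in progress.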
This revelation raises serious concerns about the TSA’s oversight and security measures when it comes to third-party vendors and their access to critical systems like the KCM. The lack of proper authentication protocols and the presence of such glaring vulnerabilities highlight the need for stronger cybersecurity practices and continuous monitoring to mitigate risks of unauthorized access and data breaches.
The SQL injection vulnerability discovered in the TSA’s Known Crewmember system is a stark reminder of the ever-present threat of cybersecurity breaches in critical infrastructure. It underscores the importance of robust security measures, regular vulnerability assessments, and proactive risk management to safeguard sensitive systems and information from malicious actors. The TSA must take swift action to address these issues and prevent similar incidents from occurring in the future to uphold the safety and integrity of the aviation industry.