
Vulnerability Found In Airline Security System, Exposing Potential Risks

The discovery of this vulnerability raises serious concerns about the security of air travel, as it exposes a potential avenue for unauthorised access to highly sensitive areas of an aircraft

Security researchers have uncovered a significant vulnerability in a key air transport security system that could have allowed unauthorised individuals to bypass airport screenings and gain access to aircraft cockpits.

Researchers Ian Carroll and Sam Curry identified the flaw in FlyCASS, a web-based service used by some airlines to manage the Known Crewmember (KCM) program and the Cockpit Access Security System (CASS). The KCM program, run by the Transportation Security Administration (TSA), allows pilots and flight attendants to bypass standard security screening. The CASS system, on the other hand, verifies pilots for cockpit jumpseat access when they need to commute or travel.

The KCM system, managed by ARINC, a subsidiary of Collins Aerospace, authenticates airline employees’ credentials through an online platform. Employees scan a KCM barcode or enter their employee number, which is then cross-referenced with the airline’s database to grant access without the need for security screening. Similarly, the CASS system checks pilots’ credentials for jumpseat access.

Carroll and Curry found that the FlyCASS login system was vulnerable to SQL injection, a common exploit that allows attackers to manipulate a database by inserting malicious SQL statements. By exploiting this flaw, the researchers were able to log in as administrators for Air Transport International, one of the participating airlines, and manipulate employee data within the system.

During their testing, they created a fictitious employee account named “Test TestOnly” and granted it access to both KCM and CASS. This effectively allowed the account to skip security screening and gain cockpit access on commercial flights.
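The flaw described above is the classic pattern of a login query assembled from strings. The following Python example is added here to illustrate that pattern and its fix; it is not FlyCASS code and assumes nothing about the real service's schema. It builds a hypothetical, in-memory SQLite database with constructed admin and crew records, shows a string-built login check that accepts a crafted username, then the same check written with a parameterised query, plus the parameterised employee-number lookup that a KCM/CASS-style verification step would perform.

```python
import sqlite3

# Constructed sample data for a hypothetical crew-verification service.
# (Not FlyCASS and not any airline's real records.)
SAMPLE_ADMINS = [("ops_admin", "correct horse battery staple")]
SAMPLE_CREW = [
    # employee_id, name, kcm_enabled, cass_enabled
    ("A1001", "Pilot One", 1, 1),
    ("A1002", "Attendant Two", 1, 0),
]

# Constructed input of the kind an SQL-injection test would use: the quote
# closes the string literal, OR 1=1 makes the WHERE clause always true, and
# "--" comments out the rest of the statement (the password check).
INJECTION_USERNAME = "' OR 1=1 --"


def build_db():
    """Create the in-memory database used by the examples below."""
    conn = sqlite3.connect(":memory:")
    # Passwords are stored in clear text only to keep the demo short; a real
    # service would store a salted hash (e.g. argon2 or PBKDF2) instead.
    conn.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    conn.execute(
        "CREATE TABLE crew (employee_id TEXT PRIMARY KEY, name TEXT, "
        "kcm INTEGER NOT NULL, cass INTEGER NOT NULL)"
    )
    conn.executemany("INSERT INTO admins VALUES (?, ?)", SAMPLE_ADMINS)
    conn.executemany("INSERT INTO crew VALUES (?, ?, ?, ?)", SAMPLE_CREW)
    return conn


def login_vulnerable(conn, username, password):
    """Login check that splices user input into the SQL text.

    The input is interpreted as SQL syntax, so a username containing a quote
    and a comment marker rewrites the query the database actually runs.
    """
    sql = (
        "SELECT username FROM admins "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, username, password):
    """Same check with a parameterised query.

    The driver sends the SQL and the values separately; the values are never
    parsed as SQL, so the crafted username is just a username that does not
    exist.
    """
    row = conn.execute(
        "SELECT username FROM admins WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


def lookup_crew(conn, employee_id):
    """Cross-reference an employee number with the crew table (parameterised).

    Returns the KCM/CASS flags for a known employee, or None when the
    number is not on file, so that an unknown number is never authorised.
    """
    row = conn.execute(
        "SELECT name, kcm, cass FROM crew WHERE employee_id = ?",
        (employee_id,),
    ).fetchone()
    if row is None:
        return None
    name, kcm, cass = row
    return {"name": name, "kcm": bool(kcm), "cass": bool(cass)}


def demo():
    """Run both login checks against the crafted username and report results."""
    conn = build_db()
    return {
        "vulnerable_accepts_injection": login_vulnerable(conn, INJECTION_USERNAME, "x"),
        "safe_accepts_injection": login_safe(conn, INJECTION_USERNAME, "x"),
    }


if __name__ == "__main__":
    print(demo())
```

The string-built check returns true for the crafted username regardless of the password because the database sees `WHERE username = '' OR 1=1`; the parameterised check returns false because the same text is compared as a value. Parameterisation is the fix that removes the flaw itself; rate limiting and logging of failed logins are useful in addition, but not a substitute for it.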

“Anyone with basic knowledge of SQL injection could log in to this site and add anyone they wanted to KCM and CASS, allowing themselves to both skip security screening and then access the cockpits of commercial airliners,” Carroll explained.

The vulnerability raises serious concerns about the security of air travel, since a flaw in a single web login stood between an attacker and unscreened access to the most sensitive areas of an aircraft. The findings underscore the need for robust cybersecurity measures in systems that are critical to public safety.
