The researchers began investigating the KCM system after noticing the special security lanes for airline crew at airports. Through their research, they found that FlyCASS, which handles KCM and CASS requests for some airlines, was susceptible to SQL injection. By exploiting this vulnerability, they could manipulate the system to gain administrative access. Once inside, they could add unverified names to the list of approved crewmembers, effectively granting unauthorized access to secure areas and even the cockpit of flights.
Upon discovering the vulnerability, Carroll and Curry initiated the disclosure process. However, they encountered difficulties in coordinating with U.S. authorities, particularly the TSA. The TSA downplayed the severity of the vulnerability, issuing statements that the flaw could not be used to bypass security checks, even though the researchers demonstrated otherwise. Despite these challenges, FlyCASS was disconnected from the KCM and CASS programs on April 25, 2024, to prevent further exploitation.
This incident underscores the vulnerabilities present in third-party systems used by critical infrastructure and highlights the importance of robust cybersecurity measures and prompt responses to discovered flaws. The researchers’ findings raise serious concerns about the potential for similar exploits in the future and the need for improved security protocols.
Source: The Register
The European Cyber Intelligence Foundation is a nonprofit think tank specializing in intelligence and cybersecurity, offering consultancy services to government entities. To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net, or you can try yourself using check.website.