Flight Booking System Flaw Affected Customers of 141 Airlines Worldwide

Haythem Elmir

Almost half of the flight travelers around the world were found exposed to a critical security vulnerability discovered in an online flight ticket booking system that allowed remote hackers to access and modify their travel details and even claim their frequent flyer miles.

Israeli network security researcher Noam Rotem discovered the vulnerability when he booked a flight on the Israeli airline ELAL; successful exploitation required only the victim’s PNR (Passenger Name Record) number.

The vulnerability resided in the widely used online flight booking system developed by Amadeus, which is currently being used by nearly 141 international airlines, including United Airlines, Lufthansa and Air Canada.

After booking a flight with ELAL, the traveler receives a PNR number and a unique link that allows customers to check their booking status and related information associated with that PNR.

Rotem found that merely changing the value of the « RULE_SOURCE_1_ID » parameter in that link to someone else’s PNR number would display the personal and booking-related information associated with that other customer.


Using disclosed information, i.e. booking ID and last name of the customer, an attacker can simply access the victim’s account on ELAL’s customer portal and « make changes, claim frequent flyer miles to a personal account, assign seats and meals, and update the customer’s email and phone number, which could then be used to cancel/change flight reservation via customer service. »

Rotem also figured out that the Amadeus portal was not using any brute-force protection, which allowed attackers to try every combination of uppercase alphanumeric characters using a script in order to find all active PNR numbers of customers of any Amadeus-linked airline website.

In the video demonstration provided by the researcher, you can see how a simple script he devised guessed PNR numbers and was able to find active ones in Amadeus.

Since the Amadeus booking system is being used by at least 141 airlines, the vulnerability could have affected hundreds of millions of travelers.

After discovering the vulnerability, Rotem immediately contacted ELAL to point out the threat and suggested that the airline introduce captchas, passwords and a bot protection mechanism in order to prevent brute-force attempts.
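As an added illustration (not code from the article, the researcher or Amadeus), the following compares a lookup that trusts the PNR parameter alone with one that applies the kind of protections suggested above: a second piece of knowledge (the passenger’s last name), a constant-time comparison and a per-client budget of failed attempts. The booking records, names and client identifiers are constructed for the example.

```python
import hmac
import time
from collections import defaultdict

# Constructed sample booking store keyed by PNR (a six-character uppercase
# alphanumeric record locator). All values are fictional.
BOOKINGS = {
    "A1B2C3": {"last_name": "Doe", "flight": "LY001", "seat": "12A"},
    "Z9Y8X7": {"last_name": "Roe", "flight": "LY315", "seat": "3C"},
}


def lookup_vulnerable(pnr: str):
    """Weak pattern: a PNR taken straight from a URL parameter selects the
    record, so anyone who knows or guesses a PNR gets the booking."""
    return BOOKINGS.get(pnr.upper())


class PnrLookup:
    """Hardened pattern: PNR plus last name, compared in constant time, with a
    small budget of failed attempts per client and window so that record
    locators cannot be enumerated."""

    def __init__(self, max_failures=5, window_seconds=600):
        self.max_failures = max_failures
        self.window = window_seconds
        self._failures = defaultdict(list)  # client_id -> failure timestamps

    def _recent_failures(self, client_id, now):
        cutoff = now - self.window
        self._failures[client_id] = [t for t in self._failures[client_id] if t > cutoff]
        return len(self._failures[client_id])

    def lookup(self, pnr, last_name, client_id, now=None):
        now = time.time() if now is None else now
        if self._recent_failures(client_id, now) >= self.max_failures:
            return None, "rate_limited"  # a real service would add a CAPTCHA here
        record = BOOKINGS.get(pnr.upper())
        expected = (record["last_name"] if record else "").lower().encode()
        supplied = last_name.strip().lower().encode()
        # compare_digest keeps the name comparison constant-time.
        if record and hmac.compare_digest(expected, supplied):
            return record, "ok"
        self._failures[client_id].append(now)
        return None, "not_found"  # identical answer for bad PNR and bad name
```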

Amadeus has now fixed the issue, and Rotem’s script can no longer identify active PNRs as demonstrated in the above video.

Upon contacting Amadeus, the company replied, « At Amadeus, we give security the highest priority and are constantly monitoring and updating our systems. Our technical teams took immediate action, and we can now confirm that the issue is solved. »

Amadeus also said that the company has added a Recovery PTR to strengthen security further and « prevent a malicious user from accessing travelers’ personal information. »

Source: https://thehackernews.com/2019/01/airlines-flight-hacking.html
