Flaw in Multiple Airline Systems Exposes Passenger Data


Researchers have discovered that multiple airline e-ticketing systems do not encrypt check-in links. The security faux pas could allow bad actors on the same network as the victim to view – and in some cases even change – their flight booking details or boarding passes.

Security researchers at Wandera said that eight airlines have been sending some unencrypted check-in links through their e-ticketing systems: Southwest, Air France, KLM, Vueling, Jetstar, Thomas Cook, Transavia, and Air Europa.

“Our threat researchers discovered that these airlines have sent unencrypted check-in links to passengers,” Liarna La Porta, with Wandera, said on Wednesday.

Read more…
Source: ThreatPost