Researchers say a bug let them add fake pilots to rosters used for TSA checks
Becoming a pilot through SQL expertise.
Carroll and his partner, Sam Curry, apparently discovered the vulnerability while probing the third-party website of a vendor called FlyCASS that provides smaller airlines access to the TSA’s Known Crewmember (KCM) system and Cockpit Access Security System (CASS). Once they were in, Carroll writes that there was “no further check or authentication” preventing them from adding crew records and photos for any airline that uses FlyCASS. TSA press secretary R. Carter Langston denied that, telling Bleeping Computer that the agency “does not solely rely on this database to authenticate flight crew,” and that “only verified crewmembers are permitted access to the secure area in airports.”
Or read this on The Verge