Massive TSA Security Flaw Disclosed, Allowed Anyone Access to Cockpits
A startling security breach allowed unauthorized access to TSA checkpoints and airplane cockpits. Researchers discovered a vulnerability that could let anyone bypass screening and enter restricted areas. But the real shock came when they reported their findings…
August 30, 2024, 3:46 pm
By Uprise RI Staff
In a shocking revelation disclosed yesterday, a gaping hole in airport security has been uncovered, potentially allowing unauthorized individuals to bypass TSA checkpoints and even access airplane cockpits. This alarming discovery, made by security researchers Sam Curry and Ian Carroll, exposed a vulnerability that could have put countless lives at risk.
The flaw centers around two critical systems used by airlines and the TSA: the Known Crewmember (KCM) program and the Cockpit Access Security System (CASS). These systems are designed to allow pilots and flight attendants to bypass regular security screening and access aircraft cockpits when necessary. However, the researchers found that the backend system managing these programs was shockingly insecure.
The vulnerability was discovered in a system called FlyCASS, used by smaller airlines to manage their KCM and CASS access. Through a simple SQL injection attack – a technique well-known to hackers for decades – the researchers were able to gain administrative access to the system for Air Transport International, one of the 77 airlines participating in KCM.
Once inside, they found they could add anyone they wanted as an authorized user for both KCM and CASS. This means they could potentially create fake crew members who could bypass security screening and access airplane cockpits. No additional checks or authentication were required to add new employees to the system.
To test the extent of the vulnerability, the researchers created a fake employee named “Test TestOnly” and authorized them for both KCM and CASS access. Alarmingly, this fake employee was immediately approved in the system.
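The two weaknesses described above, an injectable query and crew records that become active with no second check, can be illustrated with a short added example that is not FlyCASS code or the researchers' code. The schema, function names, the plain hash comparison and the two-admin approval rule are all assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory schema; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE admins (username TEXT PRIMARY KEY, password_hash TEXT);
        CREATE TABLE crew (employee_id TEXT PRIMARY KEY, name TEXT NOT NULL,
                           created_by TEXT NOT NULL, approved_by TEXT);
        INSERT INTO admins VALUES ('alice', 'hash-a'), ('bob', 'hash-b');
    """)
    return db

def login_vulnerable(db, username, password_hash):
    # Weak form: input is concatenated into the SQL text, so quote characters
    # in the input change the structure of the query itself.
    q = ("SELECT username FROM admins WHERE username = '" + username +
         "' AND password_hash = '" + password_hash + "'")
    return db.execute(q).fetchone() is not None

def login_safe(db, username, password_hash):
    # Hardened form: placeholders keep input as data, never as SQL syntax.
    q = "SELECT username FROM admins WHERE username = ? AND password_hash = ?"
    return db.execute(q, (username, password_hash)).fetchone() is not None

def add_crew(db, employee_id, name, admin):
    # New records start unapproved (approved_by is NULL).
    db.execute("INSERT INTO crew VALUES (?, ?, ?, NULL)",
               (employee_id, name, admin))

def approve_crew(db, employee_id, admin):
    # Assumed control: only an admin other than the creator can approve.
    cur = db.execute(
        "UPDATE crew SET approved_by = ? WHERE employee_id = ? "
        "AND approved_by IS NULL AND created_by <> ?",
        (admin, employee_id, admin))
    return cur.rowcount == 1

def is_authorized(db, employee_id):
    row = db.execute("SELECT approved_by FROM crew WHERE employee_id = ?",
                     (employee_id,)).fetchone()
    return row is not None and row[0] is not None

def demo():
    db = make_db()
    quoted = "' OR '1'='1"  # constructed textbook input containing quotes
    add_crew(db, "E1", "Test TestOnly", "alice")
    return (login_vulnerable(db, quoted, quoted), login_safe(db, quoted, quoted),
            is_authorized(db, "E1"), approve_crew(db, "E1", "alice"),
            approve_crew(db, "E1", "bob"), is_authorized(db, "E1"))
```

With the parameterized query the quoted input matches no administrator, and a record created by one administrator stays unauthorized until a different administrator approves it.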
The implications of this security flaw are staggering. Had this vulnerability been discovered by someone with malicious intent, they could have potentially added themselves or others as authorized crew members, bypassing security screenings and gaining access to restricted areas of airports and airplanes.
What’s perhaps even more concerning is the response from the Department of Homeland Security (DHS) and the Transportation Security Administration (TSA) when the researchers reported their findings. Initially, DHS acknowledged the issue and confirmed they were taking it seriously. FlyCASS was subsequently disabled in the KCM/CASS systems and the vulnerabilities were reportedly fixed.
However, things took a turn for the worse when the researchers attempted to coordinate the safe disclosure of the issue. Instead of working with the researchers, DHS stopped responding to their communications. Even more troubling, the TSA press office issued statements that the researchers claim were “dangerously incorrect” about the vulnerability.
The TSA claimed that the vulnerability couldn’t be used to access a KCM checkpoint because they initiate a vetting process before issuing a KCM barcode to a new member. However, the researchers pointed out that a KCM barcode isn’t actually required to use KCM checkpoints – TSA officers can manually enter an airline employee ID.
When the researchers informed the TSA of this fact, the agency’s response was to delete the section of their website that mentioned manually entering employee IDs. They did not respond to the researchers’ correction, and the researchers confirmed that TSA officers can still manually input employee IDs.
This incident raises serious questions about the security of our air travel system and the competence of those tasked with protecting it. If two security researchers could so easily find and exploit this vulnerability, how many other flaws might exist that haven’t yet been discovered? And perhaps more importantly, how many may have already been found by those with malicious intent?
The handling of this disclosure by DHS and the TSA is equally troubling. Instead of embracing the work of these researchers and using it to improve their systems, they appear to have attempted to sweep the issue under the rug. This behavior not only discourages future security research but also potentially puts lives at risk by leaving vulnerabilities unaddressed.
As air travelers, we place an enormous amount of trust in the systems and people responsible for keeping us safe. This incident serves as a stark reminder of how fragile that safety can be, and how important it is to remain vigilant and demand accountability from our security agencies.
While the specific vulnerability discovered by Curry and Carroll has reportedly been fixed, their experience highlights a larger issue in how our government agencies handle cybersecurity threats. In an age where digital systems play an increasingly critical role in our safety and security, we need a more transparent, responsive, and collaborative approach to addressing vulnerabilities when they’re discovered.
As we continue to rely on technology to keep us safe in the air and on the ground, it’s crucial that we also invest in the human side of security. This means not only improving our technical systems but also fostering a culture of openness and cooperation between security researchers, private companies, and government agencies.
The skies may be friendly, but as this incident shows, they’re only as secure as the systems we use to protect them. It’s time for a serious conversation about how we approach airline security in the digital age, and how we can better work together to keep travelers safe.