Skip to main content
  1. Home
  2. Computing
  3. News

A flaw in e-ticket systems could mean a hacker can print your boarding pass

Arif Bacchus
By
best flight tracking apps
Trevor Mogg

Security researchers at the firm Wandera have exposed a vulnerability in the e-ticking system used by several popular global airlines. The vulnerability was discovered in December and involves unsecured check-in emails that can put the personal information of passengers at risk or even allow a hacker to print boarding passes.

Though there is no evidence that currently supports a major data breach, eight airlines including Southwest, Air France, KLM, Vueling, Jetstar, Thomas Cook, Transavia, and Air Europa are impacted by this vulnerability. According to Wandera, these airliners are sending unencrypted check-in links, which otherwise automatically log passengers into a website to check flight status and print boarding passes. That can allow a hacker who is sharing the same Wi-Fi network as a passenger to intercept the link and gain access to the same information.

Recommended Videos

Several types of personally identifiable information can be accessed through this vulnerability, including passport information, seat assignments, first and last names and baggage selections. However, the type of information that can be stolen depends on each airline e-ticking system. In some cases, hackers can still leverage this information to their advantage to change an itinerary. That includes the ability to add or remove extra bags, change seating arrangements, or alter both the mobile phone number or email associated with a booking.

Related

“Our threat research team observed that travel-related passenger details were being sent without encryption as one of our secured customers accessed the e-ticketing system of one of the airlines mentioned above. It was at that time that Wandera notified the airline and began further research,” Wandera said.

The vulnerability was shared the appropriate government agencies as well as with the airlines. A period of four weeks is given for the vulnerability to be fixed before it was made public. As a solution, Wandera recommends for airlines to adopt strong encryption methods, require user authentication, and use one-time tokens for links in emails.

This would not be the first time that airliners have faced scrutiny relating to its cybersecurity practices. Though more severe, a British Airways data hack in 2018 impacted more than 380,000 passengers after its computer systems were breached. A separate instance with Cathay Pacific also impacted up to 10 million of its customers in 2018.

Editors' Recommendations

Topics
Arif Bacchus
Arif Bacchus
Computing Writer
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…
4 CPUs you should buy instead of the Ryzen 7 7800X3D
AMD Ryzen 7 7800X3D sitting on a motherboard.

The Ryzen 7 7800X3D is one of the best gaming processors you can buy, and it's easy to see why. It's easily the fastest gaming CPU on the market, it's reasonably priced, and it's available on a platform that AMD says it will support for several years. But it's not the right chip for everyone.

Although the Ryzen 7 7800X3D ticks all the right boxes, there are several alternatives available. Some are cheaper while still offering great performance, while others are more powerful in applications outside of gaming. The Ryzen 7 7800X3D is a great CPU, but if you want to do a little more shopping, these are the other processors you should consider.
AMD Ryzen 7 5800X3D

Read more
Even the new mid-tier Snapdragon X Plus beats Apple’s M3
A photo of the Snapdragon X Plus CPU in the die

You might have already heard of the Snapdragon X Elite, the upcoming chips from Qualcomm that everyone's excited about. They're not out yet, but Qualcomm is already announcing another configuration to live alongside it: the Snapdragon X Plus.

The Snapdragon X Plus is pretty similar to the flagship Snapdragon X Elite in terms of everyday performance but, as a new chip tier, aims to bring AI capabilities to a wider portfolio of ARM-powered laptops. To be clear, though, this one is a step down from the flagship Snapdragon X Elite, in the same way that an Intel Core Ultra 7 is a step down from Core Ultra 9.

Read more
Gigabyte just confirmed AMD’s Ryzen 9000 CPUs
Pads on the AMD Ryzen 7 7800X3D.

Gigabyte spoiled AMD's surprise a bit by confirming the company's next-gen CPUs. In a press release announcing a new BIOS for X670, B650, and A620 motherboards, Gigabyte not only confirmed that support has been added for next-gen AMD CPUs, but specifically referred to them as "AMD Ryzen 9000 series processors."

We've already seen MSI and Asus add support for next-gen AMD CPUs through BIOS updates, but neither of them called the CPUs Ryzen 9000. They didn't put out a dedicated press release for the updates, either. It should go without saying, but we don't often see a press release for new BIOS versions, suggesting Gigabyte wanted to make a splash with its support.

Read more