Frequent Flyer Points Put at Risk By Website Flaws

Airline booking systems lack basic security checks that would stop attackers changing flight details or stealing rewards, warn experts. From a report on BBC: The problems emerge because the six-digit codes booking systems use to identify travellers are easy to guess. Two researchers demonstrated the weaknesses by changing a flight booking and seat assignment for a reporter. The security investigators presented their findings at the Chaos Communications Congress in Germany. In a blog detailing their work Karsten Nohl and Nemanja Nikodijevic of Security Research Labs (SRL) said the computer systems behind the airlines' travel bookings system dated from the 1970s and 1980s. Though these have been updated with web services they lack security systems that would prevent abuse, they said. In particular, they added, the systems have no way to check, or authenticate, who is querying the system for flight details.