Slashdot Mirror
A Flaw Found in E-Ticketing Systems Used By at Least Eight Airlines Could Be Exploited To Access Sensitive Information About Travelers (betanews.com)
Eight airlines, including Southwest, use e-ticketing systems that could allow hackers to access sensitive information about travelers merely by intercepting emails, according to research published Wednesday by the mobile security company Wandera. From a news writeup: Researchers at security and data management company Wandera have uncovered a vulnerability affecting a number of e-ticketing systems that could allow third parties to view, and in some cases even change, a user's flight booking details, or print their boarding passes. The problem affects a number of major airlines including Southwest, Air France, KLM and Thomas Cook.
All of these have sent unencrypted check-in links to passengers. On clicking these links, a passenger is directed to a site where they are logged in automatically to the check-in for their flight, and in some cases they can then make changes to their booking.
All of these have sent unencrypted check-in links to passengers. On clicking these links, a passenger is directed to a site where they are logged in automatically to the check-in for their flight, and in some cases they can then make changes to their booking.
A PDF phone bill can often be used to change phone/internet service by calling the provider, since it has the account # + verification code. How many tickets actually get "stolen" or "altered" because of intercepted emails?