A significant security flaw has been discovered in FlyCASS, a web-based service used by some airlines to manage the Known Crewmember (KCM) program and the Cockpit Access Security System (CASS). The vulnerability could have potentially allowed unauthorized individuals to bypass airport security screenings and gain access to aircraft cockpits.
Researchers Ian Carroll and Sam Curry found that the system’s login was vulnerable to SQL injection, a common attack method that allows attackers to manipulate databases. By exploiting this flaw, the researchers were able to add a fictitious employee to the KCM and CASS databases, granting them unauthorized access to secure areas.
The researchers immediately reported the vulnerability to the Department of Homeland Security (DHS), who acknowledged the severity of the issue and disconnected FlyCASS from the KCM/CASS system. However, the researchers faced challenges in coordinating a safe disclosure with both the DHS and the TSA.
The TSA initially denied the vulnerability’s impact but later removed information from its website that contradicted its statements. The researchers also discovered that FlyCASS had suffered a ransomware attack earlier this year.
Despite the TSA’s claims that their procedures would prevent unauthorized access, the vulnerability highlights the importance of robust security measures in critical infrastructure systems. The incident serves as a reminder of the ongoing need to protect against cyber threats that could compromise aviation safety.