Bypassing airport security via SQL injection

Summary:

Known Crewmember (KCM) is a TSA program that allows pilots and flight attendants to access the sterile area without security screening due to their employment status. The system is operated by ARINC, with 77 airlines participating. FlyCASS offers a web-based interface to smaller airlines for CASS authorization, but was found to have serious security flaws, including SQL injection vulnerabilities that allowed unauthorized access to KCM and CASS. Despite efforts to disclose these issues, the Department of Homeland Security and TSA initially denied the severity of the vulnerabilities. The flaws were eventually addressed, but potential risks to airline security remain.

https://ian.sh/tsa
