Monday, December 26, 2016

Security gap in Online flight tickets discovered – FAZ – Frankfurter Allgemeine Zeitung

In the digitization, millions of Germans almost everything online. From Bank bills to the weekly shop, everything can be conveniently done from the Laptop. And that’s the way most use the Internet, when it comes to Booking flights. However, as Karsten Nohl, the founder and head of the company Security Research Labs (SR Labs), the “süddeutsche Zeitung” reported, is located in this System a security error, the passengers could cost your dearly paid-for flight.

“reservation systems, such as this a safety feature that we know from all other computer systems and the password is missing,” says Nohl. A passenger wants to access his flight details, or want him to rebook or cancel, you will only be asked to enter a six – digit letter and number code and the name.

More about

This combination can then be used by any modern computer filtered out. “There is no need for elaborate hacking qualities.”, the company says the owner, “If I have the Code and the name of an actual passenger, I need to change only the E-Mail address. Then no one realizes something of the changed data." The Hacker could use To Check-in Online for a flight for himself, for he has not even paid for. Because in the Schengen area nobody asks almost to the Pass.

But how big is the Problem actually? First of all, the security seems to limit the gap only to some of the providers.

one Of these companies, the travel services provider Amadeus, the travel Agency was, for example, Online booking links sites, airlines and passengers. As Nohl explained to the “daily show”, would be awarded in “Amadeus” every day one to two million booking codes. “And we know almost all of them quite carefully, as the digits are sequentially assigned.” This would have considerable leeway to hacker attacks.

Thomas Jarzombek, Chairman of the working group “Digital Agenda” and the CDU-politician detects little willingness to close these security gaps: “We see time and again that there are safety standards that are based on good Faith. Here, the good Faith is obvious that it is enough, if you know the name and the reference number of the passenger and will not be queried."

the Association of The German aviation industry looks at the Problem as resolved. Constantly IT would be reviewed systems for security vulnerabilities, and the Stealing of Online Tickets would only have been in a closed maintenance period.


No comments:

Post a Comment