United Airlines Claims to Have Patched the Technical Glitch That Briefly Held Up Its Flights

 

United Airlines said Tuesday that it has fixed a technical fault that had led it to suspend worldwide departures, briefly crippling one of America's largest carriers on a busy travel day. 

According to federal authorities, United crews were unable to contact airline dispatchers through conventional channels.

"United asked the FAA to pause the airline's departures nationwide," the Federal Aviation Administration (FAA) announced on X,the social media platform formerly known as Twitter.

The FAA stated that the issue was limited to United and its subsidiaries. The FAA released a bulletin about United's ground halt shortly before 2 p.m. Eastern time, and flights resumed shortly after.

“We have identified a fix for the technology issue and flights have resumed,” United clarified in a statement. “We’re working with impacted customers to help them reach their destinations as soon as possible.” 

The airline had previously stated that it was "experiencing a systemwide technology issue" that was causing all departing planes to be delayed. Flights that were already in the air at the time of the technical failure continued to their destinations. 

According to data from tracking firm FlightAware, by mid-afternoon Tuesday on the East Coast, United had only cancelled seven flights, a far cry from its average of approximately 16 per day over the busy Labour Day weekend. On a day when many Christmas travellers were scheduled to go home, more than 300 United flights — or 12% of the airline's schedule, significantly more than rivals American, Delta, and Southwest — were delayed.

In a statement, Transportation Secretary Pete Buttigieg said that the FAA was "receiving more information about the cause and scope of the issue, and DOT will make sure UA meets its obligations to affected passengers." Buttigieg has criticised airlines for flight delays and other problems over the past year. 

The FAA is part of the Department of Transportation. United Airlines Holdings Inc. shares plummeted nearly 3% in afternoon trading on news of the ground stop.

A malfunction in National Air Traffic Services’ (NATS) air traffic control system disrupted a lot of European flights in 2014, while a radar display glitch resulted in multiple flight cancellations in 2019. 

The mayhem that erupted in airports was reminiscent of last summer, when travellers were left detained in British airports for hours at a time. It was the first summer following the COVID-19 lockdowns, and rising demand was met with a manpower shortage, causing many airports around Europe to fail. 

According to the New York Times, the number of flights exiting the United Kingdom over the holiday weekend this year is expected to be 10% more than the same time last year—that's 83% higher than in 2021.

Why Sharing Boarding Pass Pictures on Social Media Is a Privacy Risk, Warns Expert

 

Individuals flying for the first time are aware that an airline boarding pass includes certain details about a traveler, such as their name, flight number, and seat assignment. However, what might not be common knowledge is that these tickets, whether in paper form or electronic, harbor more personal information than readily apparent.

In particular, the barcode on a boarding pass has the capacity to reveal information like a frequent flier number, contact details, or other identifying particulars. According to privacy researcher Bill Fitzgerald, the specifics contained within the barcode can vary from one airline to another. Nevertheless, a prudent approach is to always assume that the scannable code contains personal information about the traveler and their itinerary.

Moreover, travelers should also consider that these barcodes may encompass driver's license and passport details, as these are typically provided to the airline during check-in or at the airport. Consequently, it is crucial to handle paper boarding passes with care, refraining from casually discarding them into the trash. As Fitzgerald emphasizes, posting them on social media is an absolute no-go.

While these precautions may seem like standard data protection advice, even the most experienced travelers have made mistakes when safeguarding their boarding passes. A prime example is former Australian Prime Minister Tony Abbott, who inadvertently exposed his personal information by sharing an Instagram photo of his Qantas flight boarding pass in March 2020. Although the hacker who gained access to Abbott's details did not misuse the information, the potential for malicious intent is a looming concern.

Most attackers could utilize this data, which may seem insignificant on its own, to initiate further online attacks against the traveler's digital accounts and identity. Mark Scrano, an information security manager at cybersecurity firm Cobalt, warns that many airlines rely solely on the data from the boarding pass, particularly the confirmation code and last name, to grant full access to the traveler's online account. This vulnerability could be exploited to access personal data stored by the airline.

These seemingly inconsequential details, when used strategically, could lead to significant troubles for travelers, including identity theft. Fitzgerald advises against sharing barcodes in any way to protect against this risk. Although paper boarding passes are becoming less common, they are still required in certain situations beyond the passenger's control, such as last-minute seat changes at the gate.

According to Fitzgerald, shredding a boarding pass is one of the safest methods for disposal.

While mobile boarding passes might appear to be a convenient solution for safeguarding personal data, Fitzgerald cautions that using electronic tickets within airline apps or loyalty apps is not as straightforward as it seems. He points out that these apps often pose privacy concerns and frequently incorporate various forms of tracking, including first-party and third-party tracking. Additionally, some apps may disclose the user's location in near-real-time, further complicating the choice between paper and electronic boarding passes.

For travelers who prefer using their smartphones instead of paper tickets, Fitzgerald recommends taking a screenshot of the QR code on the mobile boarding pass and saving it to their photos, eliminating the need for an additional app to access it.

In summary, it is advisable to treat any version of your airline ticket as you would a sensitive personal document, even if it appears that information such as flight numbers or barcodes holds little significance. As Fitzgerald notes, while the consequences of such information falling into the wrong hands may not be catastrophic, travelers should not make it easier for potential threats to exploit their data.

Hackers Have Scored Unlimited Airline Miles, Targeting One Platform


Travel rewards programs, such as those provided by hotels and airlines, highlight the unique benefits of joining their club over others. However, behind the scenes, several of these programs, including Delta SkyMiles, United MileagePlus, Hilton Honors, and Marriott Bonvoy, share the same digital infrastructure. The backend is provided by the business Points, which offers a variety of services including a comprehensive application programming interface (API).

In a new finding, a group of security researchers discovered that vulnerabilities in the Points.com API could be exploited to expose customer data, steal customers’ “loyalty currency” (such as miles), or compromise the Points global administration accounts in order to acquire control over the entire program.

About the Vulnerabilities

The researchers discovered a vulnerability that involved a manipulation enabling them to move between internal sections of the Points API infrastructure and then query it for incentive program client orders. The system held 22 million order records, which include information like customer rewards account numbers, addresses, phone numbers, email addresses, and partial credit card numbers. A hacker could not just dump the entire data store at once, since Points.com set limits on how many responses the system could provide at once. However, the researchers point out that the flaw would still have made it possible for a threat actor to look up specific people of interest or to gradually drain data from the system over time.

Another bug was apparently an API configuration issue that could allow a threat actor to generate an account authorization token for a user with only their last name and rewards number. These two pieces of information might have been obtained through earlier hacks or by using the first weakness. By using this token to control client accounts and transfer miles or other reward points to themselves, attackers might deplete the victim's accounts.

The researchers also noted that the two vulnerabilities shared similarities with other bugs that were discovered earlier, one that impacted Virgin Red and another that affected United MileagePlus. These bugs, too, were patched by Points.com.

Most importantly, the researchers discovered a flaw in the Points.com global administration website: the encrypted cookie issued to each user had been encrypted with the secret phrase "secret" itself, making it vulnerable. By guessing this, the researchers could decrypt their cookie, reassign themselves global administrator credentials for the website, and re-encrypt their cookie. They could then essentially assume god-like ability to access any Points reward system and even offer accounts limitless miles or other perks.
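Why a guessable cookie secret undoes the whole scheme, and two checks that prevent it, as an added example that is not code from Points.com or the researchers. The page does not describe the cookie format, so an HMAC-signed cookie stands in for the encrypted one; the function names, role table and phrase list are assumptions.

```python
import base64, hashlib, hmac, json, secrets
from typing import Optional

# Constructed sample list of phrases that must never protect a cookie.
COMMON_DEFAULTS = {"secret", "password", "changeme", "admin", "default"}

def key_problems(key: bytes) -> list:
    """Return the reasons a cookie key is unfit; an empty list means it passes."""
    problems = []
    if len(key) < 32:
        problems.append("shorter than 32 bytes")
    if key.decode("utf-8", "ignore").strip().lower() in COMMON_DEFAULTS:
        problems.append("common default phrase")
    return problems

def seal(claims: dict, key: bytes) -> str:
    """Serialize claims and append an HMAC-SHA256 tag (stand-in for the real cookie)."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"

def open_cookie(cookie: str, key: bytes) -> Optional[dict]:
    """Return the claims if the tag verifies under key, otherwise None."""
    body, _, tag = cookie.rpartition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(body))

# Hypothetical server-side role table: the hardened design reads the role here,
# never from a claim the client presents.
ROLES = {"user-1001": "member"}

def role_for(cookie: str, key: bytes) -> Optional[str]:
    claims = open_cookie(cookie, key)
    if claims is None:
        return None
    return ROLES.get(claims.get("uid"), "member")

def demo() -> dict:
    weak_key, strong_key = b"secret", secrets.token_bytes(32)
    # A cookie produced by anyone who guessed the weak key, claiming an admin role.
    altered = seal({"uid": "user-1001", "role": "global_admin"}, weak_key)
    return {
        "weak_key_problems": key_problems(weak_key),
        "strong_key_problems": key_problems(strong_key),
        "accepted_under_weak_key": open_cookie(altered, weak_key),
        "accepted_under_strong_key": open_cookie(altered, strong_key),
        "role_from_server_table": role_for(altered, weak_key),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=>", value)
```

Running `key_problems` at service start-up and refusing to boot on a non-empty result catches the misconfiguration before any cookie is issued.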

Moreover, the researchers assured that the fixes do indeed do their job and said that Points was in fact very prompt and cooperative in addressing the disclosures.

Travel HACK: Why you Should not Share Photos of Your Boarding Pass Online

You are done packing the bags, you put on your airport look and now you are all set to board the flight to your dream vacation. You might as well want to post a picture of the trip, or share a picture of your boarding pass. But wait, doing this recklessly may cost you your privacy.

While boarding passes do not include some outright personal information like an address or a phone number, they do include certain codes that a criminal could use to find information about you.

The documents may appear to be nothing more than travel keepsakes outside of their primary use at the airport, but they are much more informative than many travellers realise. According to Amir Tarighat, CEO of cybersecurity company Agency, "people often think, like, 'Just this information isn't enough to compromise (me)' but that's not how the attackers view that information." Boarding passes contain information like the flyer’s legal name, ticket number, and passenger name record (PNR), a six-digit alphanumeric code specific to their reservation.

Meanwhile, Amir Sachs, founder and CEO of cybersecurity and IT company Blue Light IT, said, “Using the PNR and your last name, a hacker can have full access to your booking information, which will give them access to your phone number, email address, and emergency contact information.” Getting hold of an individual’s PNR can also lead to a passenger’s frequent flier number, Known Traveller Number (associated with Global Entry and TSA Pre-Check), and redress number (associated with the Department of Homeland Security’s TRIP program).

With all the aforementioned information, one can easily change a passenger’s booking. In fact, all you need to change or cancel flights online is your name and PNR; a password is not required. Additionally, someone may simply steal a passenger's hard-earned frequent flier miles if they gain access to the frequent flier account, which does require a password. Much worse issues await if a hacker gets hold of a victim’s details through their boarding pass.

Josh Amishav, founder and CEO of data breach monitoring company Breachsense explains, “Your frequent flier number, name, and PNR are valuable for identity theft, enabling fraud like opening credit card accounts or making unauthorised purchases[…]Hackers can employ social engineering techniques, pretending to be airline representatives to trick you into revealing more personal data. They can also create targeted phishing attempts using your boarding pass info, leading to clicking on malicious links or sharing sensitive data.”

Since these risks do not stop at posting your boarding pass online, you may want to skip the printed boarding pass entirely to reduce the risk of data being compromised from a discarded or lost slip. Researcher and senior technical director for cyber safety brand Norton explains, “Consider using a mobile boarding pass to ensure no physical copies will be left behind in your plane seat pocket, boarding area, or somewhere else where scammers can easily grab it.” Bear in mind that travel apps, too, could be hacked, so a digital boarding pass is not entirely safe either.

Even though one may be lucky enough to avoid any such issue, posting a photo of your boarding pass online is not worth the risk. Being mindful and taking cautionary measures could save you from trouble. If you are adamant about posting a picture of your boarding pass online, you can use photo-editing software to hide that information, or you can stage your photo so that none of the identifying details, including the barcode, are visible.

“Hackers can use barcode scanners to steal information from boarding passes shared online or left behind in airplanes and airports[…]Depending on the airline, a barcode scanner can unveil a flier’s airline account number, associated email and phone number, and your flight’s confirmation code — information that could all be used to make a phishing attack look more realistic,” explains Roundy.

It is also advised to post your travel photos on a delay, once you are back from your travel. As Sachs says, “Keep your info safe and save the travel bragging for when you’re safely back home!”
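Both boarding-pass posts above warn that the barcode carries more than the printed text suggests. The added example below (not from either post) parses the fixed-width mandatory section of an IATA Bar Coded Boarding Pass (BCBP) string, which is the text a generic barcode scanner returns; the passenger, booking and function names are constructed for illustration.

```python
# Mandatory section of a BCBP "M" format string: fixed-width fields,
# 60 characters in total. Each entry is (field name, width).
MANDATORY_FIELDS = [
    ("format_code", 1), ("number_of_legs", 1), ("passenger_name", 20),
    ("eticket_indicator", 1), ("pnr", 7), ("from_airport", 3),
    ("to_airport", 3), ("carrier", 3), ("flight_number", 5),
    ("julian_date", 3), ("compartment", 1), ("seat", 4),
    ("checkin_sequence", 5), ("passenger_status", 1),
    ("conditional_size_hex", 2),
]
MANDATORY_LEN = sum(width for _, width in MANDATORY_FIELDS)  # 60

# Constructed sample (fictional passenger and booking), built field by field.
SAMPLE = ("M1" + "DOE/JANE".ljust(20) + "E" + "ABC123".ljust(7) + "SFO" + "JFK"
          + "UA".ljust(3) + "0123".ljust(5) + "226" + "Y" + "012A"
          + "0045".ljust(5) + "1" + "00")

def parse_bcbp(raw: str) -> dict:
    """Split the mandatory section into named fields, stripped of padding."""
    if len(raw) < MANDATORY_LEN or raw[0] != "M":
        raise ValueError("not a BCBP 'M' format string")
    fields, pos = {}, 0
    for name, width in MANDATORY_FIELDS:
        fields[name] = raw[pos:pos + width].strip()
        pos += width
    # Length of the conditional section that follows; airlines may place
    # items such as a frequent flyer number there. It is not parsed here.
    fields["conditional_bytes"] = int(fields["conditional_size_hex"] or "0", 16)
    return fields

def sensitive_fields(raw: str) -> dict:
    """Values to treat as secret before sharing or discarding a pass."""
    f = parse_bcbp(raw)
    return {
        "last_name": f["passenger_name"].split("/")[0],
        "pnr": f["pnr"],
        "has_conditional_items": f["conditional_bytes"] > 0,
    }

if __name__ == "__main__":
    print(parse_bcbp(SAMPLE))
    print(sensitive_fields(SAMPLE))
```

The last name and PNR sit in plain text in the first 30 characters, so covering the printed name on a photo while leaving the barcode visible hides nothing.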

Major Vulnerabilities Found in Wireless LAN Devices in Airlines

Two major vulnerabilities were found in the Flexlan series, LAN devices providing internet services in airlines. Necrum Security Labs researchers Samy Younsi and Thomas Knudsen initiated the research, which led to tracking two critical vulnerabilities identified as CVE-2022-36158 and CVE-2022-36159.

The vulnerabilities were detected in the Flexlan series named FXA3000 and FXA2000 and have been associated with a Japan-based firm known as Contec. 
 
Regarding the first vulnerability, the researchers said that while reverse engineering the firmware, they found a hidden web page that was not included in the list of wireless LAN manager interfaces. They added that it allows Linux commands to be executed on the device with root privileges. The researchers mentioned that the first vulnerability gave access to all the system files as well as the telnet port, which allows access to the whole device.

Regarding the second vulnerability, the researchers said it involves hard-coded, weak cryptographic keys and backdoor accounts. While carrying out the research, the researchers were also able to recover a shadow file and gain access within a few minutes with the help of a brute-force attack. The file contained the hashes of two users, including root and users.

The researchers explained that the device owner is only able to change the password from the web admin interface, as the root account is reserved by Contec for maintenance purposes. This allows an attacker with the hard-coded root password to access all Flexlan FXA2000 and FXA3000 series devices effortlessly.

With respect to solutions, the researchers emphasized the importance of maintaining cyber security. With regard to the first vulnerability, they said, “the hidden engineering web pages should be removed from all unfortified devices. As weak passwords make access easier for cyber attackers.” For the second vulnerability, the advisory commented, “the company should create new strong passwords, for every single device with the manufacturing process.”

Ransomware Attack Disrupts the Operations of SpiceJet Flight

 

An attempted ransomware assault halted the operations of budget carrier SpiceJet on Tuesday night, leaving passengers stranded for hours across the country’s airports on Wednesday morning. 

The controversy started after a SpiceJet passenger, Mudit Shejwar, flagged that his flight to Dharamshala was still delayed 80 minutes after the boarding formalities were completed.

“On board flight SG2345 to Dharmshala, it's been already 80 mins since we boarded the plane, we have not taken off yet, the only communication is of some server down and issue with paper work for fuel, is this for real,” Mudit tweeted, tagging Spicejet, Civil Aviation Minister Jyotiraditya Scindia, Airport Authority of India and the Delhi airport authority. 

“Certain SpiceJet systems faced an attempted ransomware attack last night that impacted and slowed down morning flight departures today. Our IT team has contained and rectified the situation, and flights are operating normally now,” the airline tweeted. 

However, the reply did not sit well with the passenger, who said that all the passengers were stuck on the aircraft for close to four hours without food. “Operating normally?? We are stuck here since 3 hrs and 45 mins? Neither cancelling nor operating, sitting in the flight not even the airport. No breakfast, no response,” Shejwar replied. 

The airline did not disclose whether it had paid the attacker. Industry sources said the attack was identical to the one on Indigo in December 2020. Then, too, the airline had confirmed the attack and said some segments of data servers had been breached. However, little is known yet regarding the outcome of an investigation, or whether any payment was made. 

Last year, over 78 percent of Indian organizations surveyed were hit with ransomware attacks, up from 68 percent in 2020. The average ransom paid by Indian organizations to get their data decrypted was $1.2 million, says a report by British cybersecurity firm Sophos released earlier this month.

According to the Directorate General of Civil Aviation, SpiceJet is the second-largest airline in India, operating a fleet of more than 90 aircraft, with a market share of 13.6% as of March 2019. 

In 2021, SpiceJet went through severe financial trouble as a result of grounding its fleet due to COVID-19 restrictions. The struggling airline’s accumulated losses neared ₹5,478 crore, while its liabilities exceeded assets by ₹6,347 crore during the same period.

Slack API Exploited by Iranian Threat Actor to Attack Asian Airline

 

According to IBM Security X-Force, the Iran-linked advanced persistent threat (APT) attacker MuddyWater has been discovered establishing a backdoor that exploits Slack on the network of an Asian airline. 

The hacking gang, also known as MERCURY, Seedworm, Static Kitten, and ITG17, predominantly targets victims throughout the Middle East and other regions of Asia.

MuddyWater successfully infiltrated the networks of an undisclosed Asian airline in October 2019, according to IBM X-Force, with the detected activities continuing into 2021. 

According to IBM's security researchers, the adversary used a PowerShell backdoor named Aclip, which uses a Slack communication API for command and control (C&C) operations such as communication and data transmission. 

Given that multiple Iranian hacking groups have in many cases gained access to the very same victim's infrastructure, IBM X-Force suspects that other adversaries were also involved in this operation, particularly considering that Iranian state-sponsored malicious actors have been targeting the airline industry, primarily for monitoring purposes, for at least half a decade.

In the observed incident, a Windows Registry Run key was used to persistently execute a batch script, which then runs a script file (the Aclip backdoor) using PowerShell. The malware could collect screenshots, acquire system information, and exfiltrate files after receiving commands via attacker-created Slack channels.

By using Slack for communication, the attacker ensures that malicious traffic blends in with regular network traffic. Other malware groups have also leveraged the collaboration application for similar objectives.
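One way to hunt for the chain described above, a Run key that starts a batch script whose PowerShell child then talks to Slack, as an added example that is not from IBM's report or the original post. The event records, host names, paths and field names are constructed assumptions standing in for registry, process-creation and network telemetry.

```python
import re

# Constructed sample telemetry; field names are assumptions.
RUN_VALUES = [
    {"host": "ws-07", "name": "Updater", "data": r"C:\Users\Public\upd.bat"},
    {"host": "ws-12", "name": "Slack", "data": r"C:\Program Files\Slack\slack.exe"},
    {"host": "ws-21", "name": "Backup", "data": r"C:\Tools\backup.cmd"},
]
PROCS = [
    {"host": "ws-07", "pid": 410, "ppid": 4, "image": "cmd.exe",
     "cmdline": r"cmd.exe /c C:\Users\Public\upd.bat"},
    {"host": "ws-07", "pid": 422, "ppid": 410, "image": "powershell.exe",
     "cmdline": r"powershell.exe -File C:\Users\Public\upd.ps1"},
    {"host": "ws-12", "pid": 900, "ppid": 4, "image": "slack.exe",
     "cmdline": "slack.exe"},
    {"host": "ws-21", "pid": 300, "ppid": 4, "image": "cmd.exe",
     "cmdline": r"cmd.exe /c C:\Tools\backup.cmd"},
    {"host": "ws-21", "pid": 311, "ppid": 300, "image": "powershell.exe",
     "cmdline": r"powershell.exe -File C:\Tools\backup.ps1"},
]
CONNS = [
    {"host": "ws-07", "pid": 422, "dest": "slack.com"},
    {"host": "ws-12", "pid": 900, "dest": "slack.com"},  # the real Slack client
    {"host": "ws-21", "pid": 311, "dest": "backup.example.internal"},
]

SCRIPT_RE = re.compile(r"\.(bat|cmd)\b", re.IGNORECASE)

def is_slack(dest: str) -> bool:
    d = dest.lower().rstrip(".")
    return d == "slack.com" or d.endswith(".slack.com")

def find_chains(run_values, procs, conns) -> list:
    """Flag hosts where Run key -> batch script -> PowerShell -> Slack all line up."""
    findings = []
    for rv in run_values:
        if not SCRIPT_RE.search(rv["data"]):
            continue  # Run value does not point at a batch script
        script = rv["data"].lower()
        for shell in procs:
            if (shell["host"] != rv["host"] or shell["image"].lower() != "cmd.exe"
                    or script not in shell["cmdline"].lower()):
                continue
            for child in procs:
                if (child["host"], child["ppid"]) != (shell["host"], shell["pid"]):
                    continue
                if child["image"].lower() != "powershell.exe":
                    continue
                dests = sorted({c["dest"] for c in conns
                                if c["host"] == child["host"]
                                and c["pid"] == child["pid"] and is_slack(c["dest"])})
                if dests:
                    findings.append({"host": rv["host"], "run_value": rv["name"],
                                     "powershell_pid": child["pid"], "slack_dests": dests})
    return findings

if __name__ == "__main__":
    print(find_chains(RUN_VALUES, PROCS, CONNS))
```

Only ws-07 is reported: the genuine Slack client on ws-12 and the batch-driven backup job on ws-21 each match part of the chain but not all of it, which is what keeps the rule quiet on hosts where Slack traffic is normal.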

Following notification of the malicious activities, Slack initiated an investigation and removed the reported Slack workspaces. 

“We confirmed that Slack was not compromised in any way as part of this incident, and no Slack customer data was exposed or at risk. We are committed to preventing the misuse of our platform and we take action against anyone who violates our terms of service,” Slack said.

IBM's researchers are certain that the malicious actor is behind the activities based on custom tools used throughout the attack, TTP overlaps, used infrastructure, and MuddyWater's previous targeting of the transportation sector.