Interesting People mailing list archives

Public demonstration of airline reservations insecurity


From: "Dave Farber" <dave () farber net>
Date: Thu, 29 Dec 2016 01:50:39 +0000

---------- Forwarded message ---------
From: Edward Hasbrouck <edward () hasbrouck org>
Date: Wed, Dec 28, 2016 at 6:56 PM
Subject: (for IP) Public demonstration of airline reservations insecurity
To: <farber () gmail com>


Yesterday at the 33C3 conference, a team of white-hat hackers gave a
public demonstration of the insecurity of the Computerized Reservations
Systems (CRSs), a/k/a Global Distribution Systems (GDSs), used by
airlines and travel companies to store Passenger Name Records (PNRs).



Video:

https://media.ccc.de/v/33c3-7964-where_in_the_world_is_carmen_sandiego



They were able to retrieve and change reservations and obtain free flights
(at least within the Schengen zone, where there are no passport checks).



Although there are fundamental insecurities in the CRSs themselves, the
demo yesterday exploited vulnerabilities in the CRSs' public Web gateways
which I wrote about, after reporting them to all four major CRSs, in 2001
and 2002. One of the CRSs, Sabre, made some temporary changes in response
to my report, but repeatedly reverted to the same insecure mode of
operation as the others. The others did not respond to my reports.



2002 article from my Web site:

https://hasbrouck.org/articles/watching.html



More background and quotes about this vulnerability from my 2001 book:

https://hasbrouck.org/blog/archives/002279.html



Flight booking systems lack basic privacy safeguards, researchers say

(by Eric Auchard, Reuters, 27 December 2016)

http://uk.reuters.com/article/us-cyber-travel-idUKKBN14G1I6



Reisedaten: Betrug mit Buchungscodes ist zu einfach

(by Patrick Beuth, Zeit, 26 December 2016)

http://www.zeit.de/digital/datenschutz/2016-12/reisedaten-hacking-betrug-buchungscode-33c3/komplettansicht









----------------

Edward Hasbrouck

<edward () hasbrouck org>

<https://hasbrouck.org>

<https://twitter.com/ehasbrouck>

+1-415-824-0214



"The Practical Nomad: How to Travel Around the World" (5th ed., 2011)

<https://hasbrouck.org/PN>



Consultant to The Identity Project:

<https://papersplease.org>



GnuPG/PGP public key:

<https://hasbrouck.org/ehasbrouck.asc>

fingerprint:

0B0B 8F74 CEA3 83AB 97B3 F6AF BB7E F636 165C 22F5


