RSS
Логотип
Баннер в шапке 1
Баннер в шапке 2

Known Crewmember (KCM)

Product
Developers: U.S. Transportation Security Administration (TSA)
Date of the premiere of the system: August 2024
Branches: Information Security,  Transport

2024: System Hacking

In early September 2024, it became known about the problem of the pilot authorization system, which allows attackers to bypass security checks at US airports and even board under the guise of a regular flight pilot.

Researchers Ian Carroll and Sam Curry studied the safety of systems that allow pilots and other crew members to avoid long lines of screening at U.S. airports, as well as systems that allow pilots to check in for any flight to fly in a spare reclining seat in the cockpit for both work and personal, such as vacations. As it turned out, these systems have a critical vulnerability that allows hackers to bypass queues under the guise of pilots.

Flyingmag
In the
United States, hacked the inspection system at airports. Hackers can pretend to be pilots and go on board

A vulnerability was found in FlyCASS, a third-party web service that some airlines use to manage Known Crewmember (KCM) and Cockpit Access Security System (CASS). KCM is a United States Transportation Security Administration (TSA) project that allows pilots and flight attendants not to be screened, and CASS allows licensed pilots to occupy seats in aircraft cockpits while traveling.

The pilot assistance program is known to cover 76 airlines, but major airlines tend to develop their own authorization systems and are therefore not considered vulnerable. However, smaller operators more often rely on the services of third-party suppliers, including FlyCASS, whose mistake allowed hackers to penetrate the system. The researchers noted that literally anyone with basic IT knowledge could take advantage of the vulnerability, which allowed them to both bypass security checks and gain access to the cockpit of commercial airliners.

The researchers alerted the systems developer as soon as they discovered the vulnerability, and on April 25, 2024, FlyCASS was disconnected from KCM and CASS programs. However, the US Transportation Security Administration (TSA) did not consider it necessary to publish this data, to the alarm of the researchers. "In April, TSA became aware of a vulnerability in a third-party database containing information about crew members. Government data or systems were not compromised and the issue had no significant security implications[1]

Notes

  1. " Tired of airport security queues? SQL inject yourself into the cockpit, claim researchers
Источник — «https://tadviser.com/index.php/Product:Known_Crewmember_(KCM)»

Шестерня

The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article

If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible.

How to create a "smart plant": Key characteristics of a modern digital enterprise
Model Studio CS: How to use BIM to give new impetus to the development of the fuel and energy complex