Security News > 2024 > September > SQL Injection Attack on Airport Security
Interesting vulnerability: …a special lane at airport security called Known Crewmember (KCM). KCM is a TSA program that allows pilots and flight attendants to bypass security screening, even when flying on domestic personal trips. The KCM process is fairly simple: the employee uses the dedicated lane and presents their KCM barcode or provides the TSA agent their employee number and airline. Various forms of ID need to be presented while the TSA agent’s laptop verifies the employment status with the airline. If successful, the employee can access the sterile area without any screening at all...
News URL
https://www.schneier.com/blog/archives/2024/09/sql-injection-attack-on-airport-security.html
Related news
- Tired of airport security queues? SQL inject yourself into the cockpit, claim researchers (source)
- Researchers find SQL injection to bypass airport TSA security checks (source)
- Critical Security Flaw in WhatsUp Gold Under Active Attack - Patch Now (source)
- 18-year-old security flaw in Firefox and Chrome exploited in attacks (source)
- Most Ransomware Attacks Occur When Security Staff Are Asleep, Study Finds (source)
- Security measures fail to keep up with rising email attacks (source)