141 Airlines Booking System Goes Awry Worldwide
By MYBRANDBOOK
There is a critical vulnerability found in online flight booking system, with this almost half of the fight travellers around the world were found exposed to a critical security vulnerability, that allowed remote hackers to access and modify their travel details and even claim their frequent flyer miles.
A Israeli network security researcher Noam Rotem discovered the vulnerability when he booked a flight on the Israeli airline ELAL, successful exploitation of which just required victim’s PNR (Passenger Name Record) number.
Hackers are really smart enough to enter into the flight booking system, which is developed by Amadeus, which is widely used by nearly 141 international airlines, including United Airlines, Lufthansa and Air Canada. After booking a flight with ELAL, the traveler receives a PNR number and a unique link that allows customers to check their booking status and related information associated with that PNR.
Rotem found that merely by changing the value of the "RULE_SOURCE_1_ID" parameter on that link to someone else's PNR number would display personal and booking-related information from the account associated with that customer.
Using disclosed information, i.e. booking ID and last name of the customer, an attacker can simply access the victim's account on ELAL's customer portal and "make changes, claim frequent flyer miles to a personal account, assign seats and meals, and update the customer's email and phone number, which could then be used to cancel/change flight reservation via customer service. "The report says, the vulnerability could have affected hundreds of millions of travelers.
Amadeus has able to fix the issue, and the Rotem's script can no longer identify active PNRs as demonstrated in the above video.
In a statement Amadeus says , "At Amadeus, we give security the highest priority and are constantly monitoring and updating our systems. Our technical teams took immediate action, and we can now confirm that the issue is solved."
BHIM to join e-commerce, competing with PhonePe and Google Pay
The government-supported payment software BHIM is getting ready to join t...
The latest version of X helps prevent deepfakes on social medi
To combat deepfakes and shallowfakes, Elon Musk revealed a new update t...
India and Namibia collaborate on a payment system similar to U
Once operational, the platform will enable digital transactions in Namibia,...
Sebi issues show-cause notices to six Adani group firms
Sebi issued show-cause notices to six Adani Group firms, including Adani ...
IBALL WORLDWIDE PVT. LTD.
TAC SECURITY SOLUTIONS
DELL TECHNOLOGIES INDIA PVT. LTD.
JUVAS SOLUTIONS PVT. LTD.
Technology Icons Of India 2023: Sunil Vachani
Sunil Vachani is the founder and chairman of India-listed Dixon Techno...
Technology Icons Of India 2023: Natarajan Chandrasekaran
Natarajan Chandrasekaran is the Chairman of the Board of Tata Sons, th...
Technology Icons Of India 2023: Rajeev Chandrasekhar
Rajeev Chandrasekhar is the Union Minister of State for Electronics an...
TCIL continues to strengthen India with its technology expertise
TCIL undertakes consultancy & turnkey projects in the field of Telecom...
Aadhaar: Architecting the World's Largest Biometric Identity System
The Unique Identification Authority of India (UIDAI) is a statutory au...
NIC bridging the digital divide and supporting government in eGovernance
The National Informatics Centre (NIC) is an Indian government departme...
ACCERON INFOSOL PVT. LTD.
It is a leading value added distributor in the IT security space and h...
SAVEX TECHNOLOGIES PVT. LTD.
Savex Technologies is the 3rd largest Information & Communication Tec...
IVALUE INFOSOLUTIONS PVT. LTD.
: iValue Info Solutions is a value added distributor, provides solutio...