141 Airlines Booking System Goes Awry Worldwide
By MYBRANDBOOK
There is a critical vulnerability found in online flight booking system, with this almost half of the fight travellers around the world were found exposed to a critical security vulnerability, that allowed remote hackers to access and modify their travel details and even claim their frequent flyer miles.
A Israeli network security researcher Noam Rotem discovered the vulnerability when he booked a flight on the Israeli airline ELAL, successful exploitation of which just required victim’s PNR (Passenger Name Record) number.
Hackers are really smart enough to enter into the flight booking system, which is developed by Amadeus, which is widely used by nearly 141 international airlines, including United Airlines, Lufthansa and Air Canada. After booking a flight with ELAL, the traveler receives a PNR number and a unique link that allows customers to check their booking status and related information associated with that PNR.
Rotem found that merely by changing the value of the "RULE_SOURCE_1_ID" parameter on that link to someone else's PNR number would display personal and booking-related information from the account associated with that customer.
Using disclosed information, i.e. booking ID and last name of the customer, an attacker can simply access the victim's account on ELAL's customer portal and "make changes, claim frequent flyer miles to a personal account, assign seats and meals, and update the customer's email and phone number, which could then be used to cancel/change flight reservation via customer service. "The report says, the vulnerability could have affected hundreds of millions of travelers.
Amadeus has able to fix the issue, and the Rotem's script can no longer identify active PNRs as demonstrated in the above video.
In a statement Amadeus says , "At Amadeus, we give security the highest priority and are constantly monitoring and updating our systems. Our technical teams took immediate action, and we can now confirm that the issue is solved."
Singapore to remove One-Time Passwords from Bank Accounts
According to the Monetary Authority of Singapore, clients who utilise secur...
Is 375 million Airtel subscribers database breached?
When a hacker claims to have accessed and put up for sale a customer databa...
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
ICONS OF INDIA : SANJAY GUPTA
Sanjay Gupta is the Country Head and Vice President of Google India an...
Icons Of India : PRATIVA MOHAPATRA
Prativa is a transformational leader with an incredible breadth of exp...
Icons Of India : Arjun Malhotra
Arjun Malhotra, the Chairman of Magic Software Inc., is widely recogni...
IREDA - Indian Renewable Energy Development Agency Limited
IREDA is a specialized financial institution in India that facilitates...
C-DOT - Center of Development of Telematics
India’s premier research and development center focused on telecommu...
IFFCO - Indian Farmers Fertiliser Cooperative
IFFCO operates as a cooperative society owned and controlled by its fa...
Indian Tech Talent Excelling The Tech World - NEAL MOHAN, CEO - Youtube
Neal Mohan, the CEO of YouTube, has a bold vision for the platform’s...
Indian Tech Talent Excelling The Tech World - RAVI KUMAR S, CEO- Cognizant
Ravi Kumar S, appointed as CEO of Cognizant in January 2023, sets the ...
Indian Tech Talent Excelling The Tech World - ARVIND KRISHNA, CEO – IBM
Arvind Krishna, an Indian-American business executive, serves as the C...