Latest in Gear

Image credit:

E-ticketing flaw could allow hackers to print boarding passes

Eight airlines send check-in links via unencrypted email that could be hijacked.
AJ Dellinger, @ajdell
February 6, 2019
Share
Tweet
Share

Sponsored Links

ASSOCIATED PRESS

E-ticketing systems used by eight major airlines, including Southwest, suffer from a lax security that could expose personal information and result in tampering with seats and boarding passes. Researchers at mobile security firm Wandera published a report highlighting vulnerability found in check-in emails delivered to passengers. While there is no evidence of any significant breach, the vulnerability may still give travelers pause.

According to the researchers, the issue stems from the use of unencrypted check-in links sent to passengers via email. When a person clicks on the link, they are directed to a site to check in for their flight, make changes or print their boarding pass. Because the links are unencrypted, Wandera warns that a malicious actor connected to the same Wi-Fi network could intercept the link request and gain access to the person's check-in page.

Once a hacker has access to the page, they could view a significant amount of personal information, from names and addresses to Passport and ID numbers. They could also access specific details about the flight including booking references, flight times and numbers and seat assignments.

Because of how the vulnerability is exploited, it's unlikely that any sort of widespread attack could be launched against travelers. It would have to be a focused effort directed at individuals. However, it does open up the possibility of a hacker making someone's life miserable by changing their travel plans. Travelers can primarily avoid such an attack by making sure to only visit check-in links on a secure network.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Engadget's 2020 Back-to-School Guide

Engadget's 2020 Back-to-School Guide

View
Google Play Music will start shutting down in September

Google Play Music will start shutting down in September

View
Google adds emoji reactions to Messages on Android

Google adds emoji reactions to Messages on Android

View
Disney's new AI is facial recognition for animation

Disney's new AI is facial recognition for animation

View
T-Mobile switches on its standalone 5G network in thousands of cities

T-Mobile switches on its standalone 5G network in thousands of cities

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr