Latest in Gear

Image credit: ASSOCIATED PRESS

E-ticketing flaw could allow hackers to print boarding passes

Eight airlines send check-in links via unencrypted email that could be hijacked.
207 Shares
Share
Tweet
Share
Save

Sponsored Links

ASSOCIATED PRESS

E-ticketing systems used by eight major airlines, including Southwest, suffer from a lax security that could expose personal information and result in tampering with seats and boarding passes. Researchers at mobile security firm Wandera published a report highlighting vulnerability found in check-in emails delivered to passengers. While there is no evidence of any significant breach, the vulnerability may still give travelers pause.

According to the researchers, the issue stems from the use of unencrypted check-in links sent to passengers via email. When a person clicks on the link, they are directed to a site to check in for their flight, make changes or print their boarding pass. Because the links are unencrypted, Wandera warns that a malicious actor connected to the same Wi-Fi network could intercept the link request and gain access to the person's check-in page.

Once a hacker has access to the page, they could view a significant amount of personal information, from names and addresses to Passport and ID numbers. They could also access specific details about the flight including booking references, flight times and numbers and seat assignments.

Because of how the vulnerability is exploited, it's unlikely that any sort of widespread attack could be launched against travelers. It would have to be a focused effort directed at individuals. However, it does open up the possibility of a hacker making someone's life miserable by changing their travel plans. Travelers can primarily avoid such an attack by making sure to only visit check-in links on a secure network.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
207 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's 2019 Back-to-School Guide

Engadget's 2019 Back-to-School Guide

View
Apple warns against storing its titanium credit card in leather

Apple warns against storing its titanium credit card in leather

View
Google's next Nest Mini speaker could be wall-mountable

Google's next Nest Mini speaker could be wall-mountable

View
Microsoft tests more control for apps that restart with Windows 10

Microsoft tests more control for apps that restart with Windows 10

View
Terminator T-800 and The Joker are coming to 'Mortal Kombat 11'

Terminator T-800 and The Joker are coming to 'Mortal Kombat 11'

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr