Flight booking systems lack basic privacy safeguards, researchers say
Major travel booking systems lack a proper way to authenticate air travellers, making it easy to hack the short code used on many boarding passes to alter flight details or steal sensitive personal data, security researchers warned Tuesday. Passenger Name Records (PNR) are used to store reservations with links to a traveller’s name, travel dates, itinerary, ticket details, phone and email contacts, travel agent, credit card numbers, seat number and baggage information. The 6-digit codes act as pin codes for locating travel records, albeit with vital differences that make them highly insecure, the researchers said. "While the rest of the Internet is debating which second and third factors to use, GDSs do not offer a first authentication factor," researchers said. <br/>
https://portal.staralliance.com/cms/news/hot-topics/2016-12-28/general/flight-booking-systems-lack-basic-privacy-safeguards-researchers-say
https://portal.staralliance.com/cms/logo.png
Flight booking systems lack basic privacy safeguards, researchers say
Major travel booking systems lack a proper way to authenticate air travellers, making it easy to hack the short code used on many boarding passes to alter flight details or steal sensitive personal data, security researchers warned Tuesday. Passenger Name Records (PNR) are used to store reservations with links to a traveller’s name, travel dates, itinerary, ticket details, phone and email contacts, travel agent, credit card numbers, seat number and baggage information. The 6-digit codes act as pin codes for locating travel records, albeit with vital differences that make them highly insecure, the researchers said. "While the rest of the Internet is debating which second and third factors to use, GDSs do not offer a first authentication factor," researchers said. <br/>
