Transport

Airlines Expose Passenger Data via Unencrypted Check-in Links

4 - 12 February 2019

Several major airlines are exposing passengers’ personal information by sending check-in links over HTTP instead of HTTPS. These links are typically sent via email or SMS and they are used to initiate the check-in process.
Cyber_News_Transport
Several major airlines are exposing passengers’ personal information by sending check-in links over HTTP instead of HTTPS. These links are typically sent via email or SMS and they are used to initiate the check-in process. An attacker on the same network as the passenger, such as a public Wi-Fi connection, can intercept the link request to automatically login to the user's online check-in page. Depending on the airline, the check-in service can provide information about the user's email, address, name, passport details and flight details. In some cases, the hacker can make changes to the user’s data or print the boarding pass for a scheduled flight. It is recommended that airlines encrypt network communication during the check-in process and implement two-factor authentication to protect user information. 

References:
[1] Are Airlines Putting Your Data at Risk?
 
 
 
 
 
 
 

More Weekly Cyber Newsanalysis and insights

Ensign Consulting

Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.​

Ensign Solutioning

Architecting and implementing cybersecurity solutions that bolster defences

Ensign Managed Security Services

Managing your security operations for advanced threat detection, continuous monitoring, and triage services

Ensign Labs

Performing deep research to analyse vulnerabilities, deploy advanced threat hunting and provide cyber threat intelligence