SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    Bypassing Airport Security Via SQL Injection
Date    Friday August 30, @11:53AM
Author    janrinok
https://soylentnews.org/article.pl?sid=24/08/29/1814226

owl writes:

https://ian.sh/tsa

Like many, Sam Curry and I spend a lot of time waiting in airport security lines. If you do this enough, you might sometimes see a special lane at airport security called Known Crewmember (KCM). KCM is a TSA program that allows pilots and flight attendants to bypass security screening, even when flying on domestic personal trips.

The KCM process is fairly simple: the employee uses the dedicated lane and presents their KCM barcode or provides the TSA agent their employee number and airline. Various forms of ID need to be presented while the TSA agent's laptop verifies the employment status with the airline. If successful, the employee can access the sterile area without any screening at all.

A similar system also exists for cockpit access, called the Cockpit Access Security System (CASS). Most aircraft have at least one jumpseat inside the cockpit sitting behind the flying pilots. When pilots need to commute or travel, it is not always possible for them to occupy a revenue seat, so a jumpseat can be used instead. CASS allows the gate agent of a flight to verify that the jumpseater is an authorized pilot. The gate agent can then inform the crew of the flight that the jumpseater was authenticated by CASS.

The employment status check is the most critical component of these processes. If the individual doesn't currently work for an airline, they have not had a background check and should not be permitted to bypass security screening or access the cockpit. This process is also responsible for returning the photo of the crewmember to ensure the right person is being authorized for access. So how does this work, when every airline presumably uses a different system to store their employee information? That is what we were wondering, and where it gets interesting...


Original Submission

Links

  1. "owl" - https://soylentnews.org/~owl/
  2. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=63625


printed from SoylentNews, Bypassing Airport Security Via SQL Injection on 2024-10-10 17:57:57