Cybersecurity researchers say they've found a vulnerability that allowed them to skip US airport security checks and even fly in the cockpit on some scheduled flights.
Ian Carroll and Sam Curry worked on the findings together after the Known Crewmember (KCM) queue caught their attention at an airport during their routine travel. The lane can sometimes be seen at airports and it allows verified pilots and crew to skip the often lengthy security queues, courtesy of a Transportation Security Administration (TSA) initiative.
Actual crew can apply for verification to the program and present a badge that grants them queue-skipping privileges. A similar initiative also exists for pilots only, the Cockpit Access Security System (CASS), which allows verified pilots to sit in the spare cockpit seat (jumpseat) during flights they need to take for whatever purpose, like commuting or leisure travel.
Of course, many of us have seen these authorized line jumpers while standing like chumps waiting to sling our stuff onto the security scanner belts, wishing we were one of them. But according to the researchers, you don't need to put yourself through pilot school to get access to a jumpseat; you just need to learn how to exploit a SQL injection bug.
www.theregister.com
