Thanks to modern technology like smartphones and Internet bookings, taking flights has become so much more convenient. However, that comes at the cost of added risk, since there are new ways for criminals to rip you off. And one way is by stealing your flight seat.
Security researchers at Wandera have exposed a new vulnerability in the e-ticketing system that's widely used by major airlines across the globe. Uncovered back in December, it lets hackers steal your personal information from unsecured automated check-in emails, or even print out your boarding pass.
To be clear, there's no evidence to currently support a major data breach from this loophole. However, there's nothing to say there hasn't been either, and it affects eight major airlines including Southwest, Air France, KLM, Vueling, Jetstar, Thomas Cook, Transavia, and Air Europa.
Also Read:?Best Time To Book Flight Tickets In 2019? It's 5 AM On Any Sunday For Cheapest Rate, Says Study
According to the report, these airlines send customers check-in links that are unencrypted. Normally, they direct passengers to a website where they can check the flight's status or print out a boarding pass. But a hacker piggybacking on the same WiFi network (like the public WiFI at an airport for instance) can intercept the link and gain access instead.
Through this they can steal critical information like your passport details, seat assignments, first and last name, and even baggage selections. The gravity of what they can steal differs from airline to airline, but they can also mess with your booking, or even alter a phone number or email associated with the ticket booking.
"Our threat research team observed that travel-related passenger details were being sent without encryption as one of our secured customers accessed the e-ticketing system of one of the airlines mentioned," Wanders said. "It was at that time that Wandera notified the airline and began further research."
The company also shared the exploit with government agencies in order to help secure them, and they were given four weeks to fix it before their findings were made public. In the future, the firm advises airlines uses stronger encryption, one-time links for check-in, and two-factor authentication.