Researchers from German security company, Security Research Labs, recently revealed the poor security behind the current travel booking systems. Three of the largest Global Distributed Systems (GDS) handling flight reservations for worldwide travel are Amadeus, Sabre, and Travelport. These three systems handle 90 percent of flight reservations.
The poor security stems from these systems originating in the 70’s and 80’s and never being rebuilt, but rather integrated with the more modern web infrastructure of today.
Each traveler on a GDS is identified by a six-digit code that also serves as the booking code. This code houses all traveler information from home address, email address, phone numbers, credit card information, frequent flyer number and even the IP address used to make the booking online! This ID is printed on boarding passes and luggage tags.
A specific ID is not needed to find valid traveler information and airline websites and GDS do not limit the amount of times you can check for codes. This gives hackers the window to use brute force approach to finding valid codes for use.
Researchers explain that it is possible for a hacker to steal your flight by changing the flight information without your knowledge or canceling it and receiving a voucher, just from your ID printed on your luggage tag. A hacker could also take frequent flyer miles, or use the knowledge that you are on vacation for a potential phishing attack.
If you would like to educate yourself in more detail about the information presented in this post please visit: www.pcmag.com