
Vulnerability in Amadeus systems exposes travel records of millions of people

This error could have allowed hackers to modify multiple travel details

Ethical hacking and network security specialists from the International Institute of Cyber Security report that, due to a recently discovered vulnerability in the Amadeus reservation system, an attacker or attackers were able to access and change reservations using only a reservation number.

The bug, present in a reservation system that holds 44% of the international reservation market, was discovered by network security expert Noam Rotem while he tried to book a flight on the Israeli airline ELAL.

Rotem, in collaboration with a group of specialists in network security, reported their finding through a blog post: “We discovered that simply by changing the RULE_SOURCE: 1ID, we could see any PNR and access the client’s name and flight details associated”.

The researchers were then able to log into the ELAL customer portal “and make multiple changes, redeem frequent flyer miles, modify the places assigned on a flight and modify the profile of the users to cancel or change a reservation in a flight.”

Experts explain that the airline ELAL sends these reservation codes via unencrypted email, and emphasize that some careless users even share these messages on social networks.

“Although this is just the tip of the iceberg”, says the blog post at safetydetective.com. “After executing a simple script to check for brute force protection measures, we were able to find the PNR of thousands of random clients, including personal information,” concludes the post.

The investigators developed a script to solve the problem, contacted ELAL to notify them of the vulnerability, and issued some suggestions to the airline, such as implementing CAPTCHA, passwords and other security measures against bots.
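The brute-force probe the post describes and the anti-bot suggestions above, seen from the defender's side, as an added example that is not from the article, the researchers or Amadeus: a detector that flags a client querying many distinct record locators in a short window, run over constructed log lines for a hypothetical booking-lookup endpoint, plus a lookup that binds the locator to the passenger surname instead of accepting the PNR alone.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines for a hypothetical "manage my booking" endpoint
# (timestamp, client IP, record locator queried, HTTP status). Not real data.
SAMPLE_LOG = """\
2019-01-15T10:00:01Z 198.51.100.7 GET /manage?pnr=AB12CD status=404
2019-01-15T10:00:02Z 198.51.100.7 GET /manage?pnr=AB12CE status=404
2019-01-15T10:00:02Z 198.51.100.7 GET /manage?pnr=AB12CF status=200
2019-01-15T10:00:03Z 198.51.100.7 GET /manage?pnr=AB12CG status=404
2019-01-15T10:05:00Z 203.0.113.9 GET /manage?pnr=XY98ZZ status=200
2019-01-15T10:05:30Z 203.0.113.9 GET /manage?pnr=XY98ZZ status=200
"""
LINE_RE = re.compile(r"^(\S+) (\S+) GET /manage\?pnr=([A-Z0-9]{6}) status=(\d{3})$")

def parse_log(text):
    """Yield (timestamp, client, pnr, status); lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m.group(2), m.group(3), int(m.group(4))

def find_enumerators(text, window=timedelta(seconds=60), max_distinct=3):
    """Return {client: peak count} for clients that queried more than max_distinct
    different locators inside one sliding window. A traveller re-opens the same
    locator; a script probing for brute-force protection walks through many."""
    events = defaultdict(list)
    for ts, client, pnr, _ in parse_log(text):
        events[client].append((ts, pnr))
    flagged = {}
    for client, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # drop events outside window
                start += 1
            distinct = {p for _, p in evs[start:end + 1]}
            if len(distinct) > max_distinct:
                flagged[client] = max(flagged.get(client, 0), len(distinct))
    return flagged

def lookup_booking(bookings, pnr, surname):
    """Hardened lookup: bind the guessable locator to the surname on the booking."""
    rec = bookings.get(pnr)
    if rec is None or rec["surname"].casefold() != surname.strip().casefold():
        return None  # identical response for unknown PNR and wrong surname
    return rec
```

The thresholds are assumptions chosen for the constructed sample; in production they would be tuned to observed traffic and paired with rate limiting on the endpoint.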

After the vulnerability was reported to Amadeus, the company published a statement claiming that the issue had already been resolved, and that a recovery key had been added to prevent malicious use of this vulnerability.

Amadeus’ vulnerability, like last year’s Marriott data theft, “provides malicious actors abroad with the life patterns of some political and business leaders from around the world, such as flight itineraries and staff information that accompanies them”, say the cybersecurity experts. “Trust is vital to the operations of companies like these, so they must respond to this incident in the best possible way”.
