Check-In System Flaw Puts Major Airlines at Risk

Today’s topics include Wandera reporting that major airlines are at risk from a check-in system flaw, and Dell EMC eyeing the edge for open networking.

Security firm Wandera reported on Feb. 6 that it discovered an airline check-in vulnerability impacting multiple airlines, including Southwest, Air France, KLM, Vueling, Jetstar, Thomas Cook, Transavia and Air Europa.

The flaw is relatively simple, as the airlines have been emailing unencrypted check-in links to passengers. Since the links are unencrypted, they could be intercepted or reused by an unauthorized third party to change the details for a reservation and gain access to user information.

According to Michael Covington, vice president of product at Wandera, the company found that data including "suspicious parameters on a URL string was actually being used to transparently authenticate the user into the e-ticketing website."

Covington said that by not limiting the e-ticketing check-in URLs to one-time use, the airlines open their e-ticketing systems up to a replay attack that allows an attacker to easily gain access to passenger accounts.

Dell EMC officials are eyeing the enterprise campus and other edge environments as next steps for the company’s now 5-year-old open networking efforts that until this year have focused primarily on central data centers.

Tom Burns, senior vice president and general manager of Dell EMC Networking and Solutions business, last week wrote that the software-defined WAN space and the rollouts of 5G networks by service providers will provide opportunity for Dell EMC to extend the reach of its open network systems and software.

He says the move into the SD-WAN arena will come with what he claims are “major updates to [Dell EMC’s] campus portfolio planned in 2019.” The deployment by service providers of 5G networks in the coming months and years will give them the opportunity to use “multi-purpose resources close to the edge and use software to deploy specific services as the need arises.”