Fri, 8 Feb, 2019
Travel warning: You could be in danger of being hacked during online check-in
A US cyber security research team has issued a warning to travellers saying to practice caution when using online check-in systems, as they claim that a few airlines have leaked confidential information to potential hackers.
According to security researchers at enterprise security firm Wandera, a number of global carriers have sent passengers unencrypted check-in links through their e-ticketing system, putting people’s personal information at jeopardy.
One Aussie airline was on the list of offenders, and that was budget carrier Jetstar. The report explains how hackers are able to use the same public Wi-Fi network the passenger has used to check-in to obtain information such as email addresses, full names, passport numbers and flight details.
But despite the alarming claims, Jetstar has strongly denied the findings, saying that the security of each passenger’s personal data is a top priority.
Wandera reports that once hackers get their hands on sensitive information, they are able to change booking details and print boarding passes.
“Our threat researchers discovered that the check-in links sent to the passengers are unencrypted,” read a statement.
“On clicking those links, the passenger is redirected to a site where they are logged in automatically to their flight check-in session and in some cases, they can then make any changes to their booking and print off their boarding passes.
“A hacker on the same Wi-Fi network as the passenger can easily intercept the link request.
“The hacker can then gain access to the passenger's online check-in. All of the major airlines that we identified are putting passenger data at risk.”
Speaking to news.com.au, a spokesperson for Jetstar said that the security company had “no evidence” on a possible security breach.
“We take cyber security and privacy extremely seriously and have no evidence of our customers’ booking details or data ever being misused by unauthorised parties through the booking link,” they said.
“To ensure our customers’ information remains protected we have multiple layers of security in place and are continuously implementing further cyber safeguards for emails, itineraries and our systems.
“Sensitive customer information such as payment details are not accessible through a customer’s booking link.”
But Wandera has fought back, saying it is confident in its research.
“We are confident in the findings we have shared with the affected airlines,” a spokesperson said.
“Wandera’s investigation uncovered multiple security flaws that may have resulted in passenger data being exposed to unauthorised third-parties.
“Wandera is not in a position to know if passenger data was compromised by a malicious actor, nor can we confirm yet that the affected airlines have implemented an appropriate fix.”
Eldar Tuvey, the CEO of Wandera, said an investigation was launched into 40 major airlines, with results showing close to a quarter of them being at risk.