Luggage Tag Code Unlocks Your Flights

Luggage Tag Code Unlocks Your Flights, Identity to Hackers

Luggage Tag Code Unlocks Your Flights, Identity to Hackers

Booking a flight has become a simple process thanks to the Internet, and once you have flights secured you can relax, right? Well, for the most part that's true. Your seats are yours, as long as a hacker doesn't decide to stop you flying, which turns out to be very easy to do.

Karstein Nohl and Nemanja Nikodejevic from German security company Security Research Labs have revealed how poorly the travel booking systems we all rely on are protected. In fact, the three largest Global Distributed Systems (GDS) handling flight reservations for travel worldwide are open to abuse in several ways.

Amadeus, Sabre, and Travelport are the three systems that handle over 90 percent of flight reservations. According to the researchers, these systems date back to the 70s and 80s and have only been integrated with the more modern web infrastructure rather than replaced completely. What this means is, authentication on the system is very weak due to it being decades old.

Read Also:
Germany: Data Protection Officer must not have a conflict of interests

Each traveler on a GDS is identified by a six digit code which is also the booking code (known as a PNR Locator). That ID is printed on boarding passes and luggage tags, meaning anyone near your luggage or who views your pass can see it and easily snap a shot of it with their smartphone.

 



Predictive Analytics Innovation summit San Diego
22 Feb

$200 off with code DATA200

Read Also:
Why start-ups must step up on data security
Read Also:
How industry can protect privacy in the age of connected toys
Big Data Paris 2017
6 Mar

15% off with code BDP17-7WDATA

Read Also:
New EU Data Regulations Will 'Rip Global Digital Ecosystem Apart'
Big Data Innovation Summit London
30 Mar
Big Data Innovation Summit London

$200 off with code DATA200

Read Also:
Data from 130 million commuters reveal US ‘megaregions’

Leave a Reply

Your email address will not be published. Required fields are marked *