Skip to main content

A flaw in e-ticket systems could mean a hacker can print your boarding pass

best flight tracking apps
Trevor Mogg / Trevor Mogg

Security researchers at the firm Wandera have exposed a vulnerability in the e-ticking system used by several popular global airlines. The vulnerability was discovered in December and involves unsecured check-in emails that can put the personal information of passengers at risk or even allow a hacker to print boarding passes.

Though there is no evidence that currently supports a major data breach, eight airlines including Southwest, Air France, KLM, Vueling, Jetstar, Thomas Cook, Transavia, and Air Europa are impacted by this vulnerability. According to Wandera, these airliners are sending unencrypted check-in links, which otherwise automatically log passengers into a website to check flight status and print boarding passes. That can allow a hacker who is sharing the same Wi-Fi network as a passenger to intercept the link and gain access to the same information.

Recommended Videos

Several types of personally identifiable information can be accessed through this vulnerability, including passport information, seat assignments, first and last names and baggage selections. However, the type of information that can be stolen depends on each airline e-ticking system. In some cases, hackers can still leverage this information to their advantage to change an itinerary. That includes the ability to add or remove extra bags, change seating arrangements, or alter both the mobile phone number or email associated with a booking.

Please enable Javascript to view this content

“Our threat research team observed that travel-related passenger details were being sent without encryption as one of our secured customers accessed the e-ticketing system of one of the airlines mentioned above. It was at that time that Wandera notified the airline and began further research,” Wandera said.

The vulnerability was shared the appropriate government agencies as well as with the airlines. A period of four weeks is given for the vulnerability to be fixed before it was made public. As a solution, Wandera recommends for airlines to adopt strong encryption methods, require user authentication, and use one-time tokens for links in emails.

This would not be the first time that airliners have faced scrutiny relating to its cybersecurity practices. Though more severe, a British Airways data hack in 2018 impacted more than 380,000 passengers after its computer systems were breached. A separate instance with Cathay Pacific also impacted up to 10 million of its customers in 2018.

Arif Bacchus
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…
One of the most exciting upcoming CES 2025 launches just got leaked
lenovo foldable laptop extended.

Last year, Lenovo teased a rollable laptop at MWC 2023, but it was purely a prototype. Now, a leak covered by The Verge from Evan Blass claims that the concept is becoming a reality and will be released at CES 2025 in just a few weeks.

The concept Lenovo laptop from last year looks like a completely normal laptop at first, but once you press a button on the side, more screen literally starts rolling out from under the keyboard. The screen slowly grows until you have basically two laptop screens stacked on top of each other.

Read more
ChatGPT just got a bump to its coding powers
ChatGPT collaborating with Notion

For its penultimate 12 Days of OpenAI announcement, the company revealed a trio of updates to ChatGPT's app integration on Thursday, which should make using the AI in conjunction with other programs on your desktop less of a chore.

OpenAI unveiled ChatGPT's ability to collaborate with select developer-focused macOS apps, specifically VS Code, Xcode, TextEdit, Terminal, and iTerm2, back in November. Rather than needing to copy and paste code into ChatGPT, this feature allows the chatbot to pull specified content from the coding app as you enter your text prompt. ChatGPT, however, cannot generate code directly into the app, as Cursor or GitHub Copilot are able to.

Read more
Here’s why some PC gamers shouldn’t install the latest Windows 11 update
Overwatch 2 running on the LG OLED 27 gaming monitor.

The latest Windows 11 update, codenamed 24H2, has been a troubled rollout for Microsoft, but one thing's been clear from the beginning: PC gamers should wait to install it. Let's add another issue to the list, shall we?

As spotted by Windows Latest, Microsoft has confirmed in an update to its Windows 11 24H2 problems page, that Windows 11 24H2 is causing issues with its Auto HDR feature. The result of the bug is that incorrect colors are being displayed or, even worse, are breaking games entirely and causing them to not be responsive.

Read more