This error could have allowed hackers to modify multiple travel details
Ethical hacking and network security specialists from the International Institute of Cyber Security report that due to a recently discovered vulnerability in the Amadeus reservation system, an attacker or attackers were able to access and change the reservations using only a reservation number.
The bug, present in the reservation system that holds 44% of the international reservation market, was discovered by the network security expert Noam Rotem, who tried to book a flight on the Israeli airline ELAL.
Rotem, in collaboration with a group of specialists in network security, reported their finding through a blog post: “We discovered that simply by changing the RULE_SOURCE: 1ID, we could see any PNR and access the client’s name and flight details associated”.
The researchers were then able to log into the ELAL customer portal “and make multiple changes, redeem frequent flyer miles, modify the places assigned on a flight and modify the profile of the users to cancel or change a reservation in a flight.”
Experts explain that the airline ELAL sends the codes via unencrypted email, emphasizing that some careless users even manage to share these messages on social networks.
“Although this is just the tip of the iceberg”, says the blog post at safteydetective.com. “After executing a simple script to check for brute force protection measures, we were able to find the PNR of thousands of random clients, including personal information,” concludes the post.
The investigators developed a script to solve the problem, contacted ELAL to notify them on the vulnerability, and issued some suggestions to the airline, such as the implementation of CAPTCHA, passwords and other security measures against bots.
After reporting on the vulnerability to Amadeus, the company published a statement claiming that the inconvenience had already been resolved, plus they added a recovery key to avoid the malicious use of this vulnerability.
Amadeus’ vulnerability, like last year’s Marriott data theft, “provides malicious actors abroad with the life patterns of some political and business leaders from around the world, such as flight itineraries and staff information that accompanies them”, mention the experts in cybersecurity. “Trust is vital to the operations of companies like these, so they must respond to this incident in the best possible way”.