Serious vulnerabilities in the American aviation system allow hackers to bypass security checks and enter the cockpit
Release time: 2024-10-21 Source: Qingqiao

Recently, security researchers discovered a serious vulnerability in a system of the US air transport security department. By exploiting it, any unauthorized person could bypass airport security checks and obtain permission to enter the aircraft cockpit.

According to reports, security researchers Ian Carroll and Sam Curry found, by technical means during security testing, that the FlyCASS system contains an SQL injection vulnerability. The vulnerability is located in the FlyCASS login system: an attacker can exploit it to insert malicious SQL statements into database queries, log in to the system as an airline administrator, tamper with employee data, and impersonate existing members to bypass the vetting process for new members. During testing, the researchers added an arbitrary fictional employee named "Test TestOnly" and were able to use the vulnerability to grant this account KCM and CASS access permissions.

Through this vulnerability, adding airline pilots and flight attendants in the FlyCASS system requires no further verification or authentication, and anyone can be added as an authorized KCM and CASS user. That person could then bypass security checks and enter the cockpit of a commercial aircraft, a serious threat to aviation safety. The researchers subsequently disclosed the vulnerability to the US Department of Homeland Security (DHS). DHS recognized the severity of the vulnerability and quickly disconnected FlyCASS from the KCM/CASS system. Not long after, the vulnerability in FlyCASS was confirmed fixed.
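The class of flaw described above, a login query assembled from user input, is shown here beside its parameterized form. This is an added example, not FlyCASS code or the researchers' code; the table, account, function names and crafted input are all constructed for illustration.

```python
import hashlib
import sqlite3

# Constructed fixed salt so the demo needs one query; real systems store a per-user salt.
DEMO_SALT = b"constructed-demo-salt"

def digest(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 50_000).hex()

def make_db():
    """In-memory table with one constructed airline administrator account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_digest TEXT, role TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("ops_admin", digest("constructed-passphrase"), "airline_admin"))
    return db

def login_concatenated(db, username, password):
    """Flawed pattern: the username is spliced into the SQL text, so a quote
    character in it changes the structure of the query."""
    sql = ("SELECT role FROM users WHERE username = '" + username +
           "' AND pw_digest = '" + digest(password) + "'")
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        return None  # the input produced malformed SQL
    return row[0] if row else None

def login_parameterized(db, username, password):
    """Hardened pattern: the SQL text is constant and the values travel as bind
    parameters, so input is only ever compared as data."""
    row = db.execute(
        "SELECT role FROM users WHERE username = ? AND pw_digest = ?",
        (username, digest(password)),
    ).fetchone()
    return row[0] if row else None

# Constructed input containing SQL metacharacters (a quote and a comment marker).
CRAFTED_USERNAME = "ops_admin' --"

if __name__ == "__main__":
    db = make_db()
    for fn in (login_concatenated, login_parameterized):
        print(fn.__name__,
              "| valid:", fn(db, "ops_admin", "constructed-passphrase"),
              "| wrong password:", fn(db, "ops_admin", "wrong"),
              "| crafted username:", fn(db, CRAFTED_USERNAME, "wrong"))
```

Both functions behave identically for ordinary input; only the concatenated query returns the administrator role for the crafted username with a wrong password, which is why the fix belongs in how the query is built rather than in input filtering alone.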

[Image: US Secretary of Homeland Security Mayorkas]

The KCM program is a program launched by the US Transportation Security Administration (TSA) with the aim of improving aviation security. It allows eligible pilots, flight attendants and other crew members to pass through security checkpoints more quickly when traveling. These personnel must complete a specific registration process before traveling and be confirmed as known and trusted crew members. Once registered, they can use the airport's dedicated KCM lane for security screening, saving time and reducing inconvenience.

CASS is a security system used to manage and control access to the aircraft cockpit. It aims to ensure that only authorized personnel can enter the cockpit, protecting the aircraft and preventing unauthorized access. By verifying the identity and qualifications of personnel, CASS ensures that only qualified crew members, maintenance personnel or other authorized personnel are allowed into the cockpit. By enforcing strict access controls, CASS can keep potential terrorists, criminals or other malicious individuals out of the cockpit. CASS can also be integrated with the aircraft's other safety systems, such as emergency evacuation systems, to respond faster and more effectively in emergencies. The system became particularly important after the 9/11 events.


FlyCASS is an easy-to-use, web-based application provided by a third party, used by some airlines to manage and operate the Known Crewmember (KCM) program and the Cockpit Access Security System (CASS). It was also disclosed earlier that another researcher, Alesandro Ortiz, found that FlyCASS appears to have suffered a MedusaLocker ransomware attack in February 2024, which further highlights the fragility of the system.

The discovery of this vulnerability has also sounded an alarm for cybersecurity in the aviation industry, reminding the organizations concerned to attach great importance to the security and robustness of key industry systems such as aviation transportation security systems. For critical systems involving flight safety, stricter and more comprehensive identity verification mechanisms should be established to prevent unauthorized access. Regulatory authorities should strengthen security supervision and compliance checks on airlines to ensure strict compliance with security regulations and operating procedures, and to identify and fix potential vulnerabilities promptly. A comprehensive emergency response mechanism should be established that can quickly activate emergency plans and take effective measures when vulnerabilities or incidents occur, minimizing losses.

