Where in the World Is Carmen Sandiego?: Becoming a secret travel agent

Presented at 33C3 (2016), Dec. 27, 2016, 9:45 p.m. (60 minutes)

Travel booking systems are among the oldest global IT infrastructures, and have changed surprisingly little since the 80s. The personal information contained in these systems is hence not well secured by today's standards. This talk shows real-world hacking risks from tracking travelers to stealing flights.

Airline reservation systems grew from mainframes with green-screen terminals to modern-looking XML/SOAP APIs to access those same mainframes.

The systems lack central concepts of IT security, in particular good authentication and proper access control.

We show how these weaknesses translate into disclosure of travelers' personal information and would allow several forms of fraud and theft, if left unfixed.


Presenters:

  • Nemanja Nikodijevic
  • Karsten Nohl
    Karsten Nohl is a cryptographer and security researcher. He likes to test security assumptions in proprietary systems and typically breaks them.
