The security of travel reservation systems suffers from old mentalities
When people travel the world, agents working on their behalf typically use one of the three major Global Distribution Systems (GDS) to store hotel and airline reservation information. These travelers and service providers have reason to be concerned about the security of reservation systems, according to Security Research Labs researchers. The Berlin-based research team delivered a critical analysis threat models used in GDS at the 33rd Chaos Communication Congress in Hamburg, Germany.
GDS was born in the era of the mainframe and leased lines, and it approaches security with all the blinkers typical of that period. The idea of ââa centralized data repository comes from a mainframe mindset. The idea that non-service users would one day hit GDS, however, apparently did not occur to designers. They ignored the possibility that employees could use multiple paths to search for information.
Eventually, the developers came up with a Passenger Name Record (PNR) authentication mechanism that would be easy to use for service providers. It consists of the passenger’s last name appended to a six-character alphanumeric string called the reservation code. Code is often generated sequentially, as opposed to random.
This is fine in itself, but the system uses the code in an insecure manner. It is usually printed directly on boarding passes and baggage tags, for example. If an attacker somehow manages to obtain this reservation code, he can easily reconstruct the entire authentication token.
Brutal reservation systems security
Attackers can also use a brute force attack here, as GDS systems typically do not throttle requests. Scammers can simply keep tapping on a portal’s entry until they exhaust all possible data combinations.
Researchers offer some tips for better security in reservation systems. âIn the short term,â they wrote, âall websites that allow access to travelers’ records should require appropriate brute force protection in the form of Captchas and retry limits per IP address. “
GDS companies hold on
When contacted by Safety week, GDS companies have minimized the security concerns of reservation systems. Saber, for example, said in a statement that he had several security systems in place but would not discuss them for fear of inadvertently sharing critical information with cybercriminals.
It is possible that GDS systems are actually better defended than the researchers claimed. It is undeniable, however, that they do not have an efficient method of PNR logging. If an attacker violated a GDS system, the company would have no record to prove that this had happened.
While older GDS systems are still functional, they certainly need significant upgrades to run smoother and safer than they do today.