Delta rushes to fix ticket security vulnerability

A security vulnerability with Delta Airlines mobile e-tickets potentially allowed people to access other travellers’ boarding passes

A security vulnerability with Delta Air Lines mobile e-tickets potentially allowed people to access other travellers’ boarding passes.

The security flaw occurred when a traveller changed the numbers in the URL of the airline’s website, bringing up the boarding pass of another traveller.

A passenger viewing their valid boarding pass on the Delta website could replace numbers in the URL, refresh the page and see another traveller’s boarding pass, including the person’s name, frequent flyer number, flight number, boarding time and seat number. This could lead to somebody changing seats or flights without the other passenger knowing, according to BuzzFeed.

It was also possible to test different URLs of different airlines, which led to the discovery of security vulnerability with another US carrier Southwest Airlines.

A spokesperson for Delta, Paul Skrbec, told the news and media website that, after discovering the flaw with its mobile boarding passes, its IT teams quickly put a solution in place to prevent it from occurring.

“As our overall investigation of this issue continues, there has been no impact to flight safety, and at this time we are not aware of any compromised customer accounts,” said Skrbec. “We routinely monitor and perform analysis of data to ensure privacy for our customers. We apologise for any concern this may have caused.”

Delta Air Lines has been ahead of some competitors when rolling out technology. Last year, the airline announced the roll-out of 19,000 Nokia 820 smartphones for its flight attendants. While pilots flying Delta Air Lines planes were given Microsoft Surface 2 tablets in a bid to make cockpits paperless.

And back in 2012, the airline planned to extend its Wi-Fi coverage to international flights, including those serving the UK.

Delta Air Lines already has Wi-Fi services on all internal flights in the US – over 3,000 a day – which enables travellers to get online when the aeroplane is above 10,000 feet.

Comparatively, it was only earlier this year that Virgin Atlantic announced it will begin providing Wi-Fi on board translantic flights from Europe next year. The company's partner, Gogo, will provide the high-speed internet connectivity using 2Ku satellite-based technology, which has expected speed of up to 70Mbps.

Virgin will be the first European airline to provide the technology to customers, which had only been available on domestic North American flights that use ground-based technology. Under the agreement, Gogo will retrofit Virgin Atlantic’s existing aircraft with the technology.

Read more on IT for transport and travel industry