United Airlines’ Frequent Flyer App has been hacked

United Airlines’ Frequent Flyer App Can Be Hacked to Reveal Passenger Info

Flying has never been more convenient for customers. The security checks might be a drag, but sometimes all it takes to check in online is punching in a few digits into a mobile app.

But that may be just a little too convenient. A cybersecurity company has discovered that it’s possible to obtain the personal and flight information of United Airlines MileagePlus customers through the company’s app.

“An attacker can get access to personal details such as email, phone number, flight details (origin, destination, date, time, seat) and even the boarding pass,” Yosi Dahan, co-founder and CEO of Turrisio Cybersecurity, told Motherboard in an email.

When logging into the United Airlines app to check in, a customer can either enter their booking confirmation code or MileagePlus ID and doesn’t need to give any other information, such as a password. MileagePlus is United Airline’s frequent flyer program. If the user’s flight is within 24 hours, their information will be displayed on the app.

Image: Censored screenshot provided by Dahan to show the information he uncovered

MileagePlus IDs are very basic: they come in the format of two letters, followed by six digits. So instead of having to find out the ID of a particular customer, Dahan wrote a simple Python proof-of-concept script that could allow an attacker to grind through the possible combinations of IDs and automatically check if any flights were booked with them.

There is no indication that the app has actually been abused by criminals. But Dahan, who has previously written about the MileagePlus app security, envisioned that it could be possible to launch a social engineering attack with information gleaned this way. He suggested, for instance, that an attacker could call a victim and present them with information that only United Airlines should know, then scam them into handing over credit card details.



Credit:  motherboard

We Finally Know Something About What The Shadowy X-37B Will Do In Orbit

We Finally Know Something About What The Shadowy X-37B Will Do In Orbit

In an unprecedented disclosure from the DoD, we have finally been told at least something in regards to what the USAF’s secretive X-37B spaceplane’s goals are for its upcoming flight. Among other things, it will test an exotic form of thruster propulsion that could have huge implications for future space development.

Spaceflightnow.com describes exactly how this unique form of orbital thruster works and how it compares to more traditional thruster technology:

It is a Hall thruster electric propulsion test to enable in-space characterization of design modifications that are intended to improve performance to the units on-board Advanced Extremely High Frequency military communications spacecraft, officials said Monday.

Produced by Aerojet Rocktdyne, the AEHF satellites’ Hall thrusters are 4.5-kilowatt units that use electricity and xenon to produce thrust for maneuvering satellites in space. The novel electric propulsion system produces a whisper-like thrust by ionizing and accelerating xenon gas.

Unlike conventional chemical engines that deliver substantial boosts with each brief firing, the electric system needs the stamina to operate for exceptionally long periods of time to harness its 0.06-pound-thrust into orbit-changing power.

The divergent systems have their advantages and drawbacks. Although typical engines can maneuver satellites rapidly, they use large amounts of heavy fuel that in turn require a bigger, more expensive rocket to carry the spacecraft. Electric propulsion gives up timeliness for efficiency since its xenon fuel weighs a mere fraction of conventional hydrazine, but you must have patience to reap the rewards.

We Finally Know Something About What The Shadowy X-37B Will Do In Orbit

Clearly, Advanced Extremely High Frequency (AEHF) satellites are not the only satellites this new technology could benefit. The longer you can keep a satellite aloft, and the cheaper you can put it there in the first place, which is a variable tied to weight, enhances its cost-benefit proposition. As a result, Hall thruster technology could have massive implications, not only in the military space development world, but also the commercial satellite market, via greatly reducing the investment schedules needed for maintaining persistent orbital capabilities and also lowering the cost and enhancing the flight duration for ‘one off’ space payloads.

This technology could also help in the development of killer satlets, parasites and other foreign satellite manipulation technologies as it would allow these small satellites to pack more maneuvering capability while also possessing a finer degree of control.

Then there is the unmanned X-37B itself, which is a clear candidate for such a technology as it is basically a long endurance space truck. On its last mission it spent 675 days in orbit. With this new thruster technology, its endurance could be enhanced even longer.

So there you have it, our first hint as to what the X-37B’s mission, or missions as it may be, truly are. Still, refining an already fielded advanced maneuvering thruster is probably just the gray tip of a very large black iceberg when it comes to the rest of this shadowy vehicle’s true mission set.

We Finally Know Something About What The Shadowy X-37B Will Do In Orbit




Credit:  Tyler Rogoway