The next time travelers board an airline in China, they may expect more than just the Chinese government and airline companies to have access to private information as a recently discovered exploit may give flyers more indigestion than an inflight meal.
Wooyun.org, a Chinese loophole reporting platform for security manufacturers and researchers, published a loophole in the system of China Eastern Airlines which may cause leaks of customer data to hackers and thieves. According to the platform's information desk, the hazard rating was high for this exploit.
The loophole was raised by a Wooyun white hat hacker named "Lu Ren Jia" on December 2, 2014, but the loophole has reportedly not yet been patched and is still waiting for action from appropriate manufacturers of the hardware and software components that are related to the exploit. No word yet either has been released by the airline.
An insider from the airline industry pointed out in an article on 21cn.com that a loophole like this can cause the leak of user information, including names, mobile phone numbers, and airline flight information.
Wooyun platform already exposed a SQL injection loophole in the system of China Eastern Airlines in August this year. The loophole was later confirmed by security manufacturers and patched.