<\/a><\/figure><\/div>\n\n\n<\/gwmw>The researchers initially disclosed the issue to the Department of Homeland Security (DHS) on April 23. Then the FlyCASS was disabled in KCM\/CASS to address the issue. The researchers explained that when they attempted to coordinate a safe public disclosure, DHS stopped responding, and the TSA issued misleading statements downplaying the issue.<\/gwmw><\/p>\n\n\n\n
The TSA inaccurately claimed that the flaw couldn’t be used to access KCM checkpoints, asserting that a vetting process was required before issuing a KCM barcode. <\/p>\n\n\n\n
“Unfortunately, instead of working with us, the Department of Homeland Security stopped responding to us, and the TSA press office issued dangerously incorrect statements about the vulnerability, denying what we had discovered.” added Carroll.<\/em> “The TSA press office said in a statement that this vulnerability could not be used to access a KCM checkpoint because the TSA initiates a vetting process before issuing a KCM barcode to a new member. However, a KCM barcode is not required to use KCM checkpoints, as the TSO can enter an airline employee ID manually.”<\/em><\/p>\n\n\n\n