Skip to content
Information Technology, Internet

Monash expert: Qantas mobile app glitch exposes customer information

Monash University 2 mins read

A Monash University expert is available to comment on reports of Qantas customers having access to other passengers' information on their mobile app, and what needs to be done to protect against such incidents in the future. 

 

Dr Muhammed Esgin, Department of Software Systems & Cybersecurity, Faculty of Information Technology

Contact details: +61 450 501 248 or media@monash.edu  

  • Cybersecurity
  • Privacy-enhancing technologies
  • Blockchain technologies
  • Quantum-safe cryptography

The following can be attributed to Dr Esgin:

“It is too early to tell what exactly caused the issue. However, it is certainly a privacy concern given (unauthorised) people are able to see personal information about other Qantas passengers. 

 

“Many companies store customer information in a database and mobile applications need to first authenticate a customer to make sure that it is really the right person being granted access. Then typically the app is allowed to retrieve information from the database about that particular user only and not others, unless permission is granted. The issue seems to be that somehow the app is retrieving private information about other users.

 

“To prevent such issues, there needs to be proper authentication, authorisation and access control in place. That means we need to make sure that it is really the right person, accessing the right information and nothing beyond what is permitted.

 

“Unfortunately, these kinds of personal information exposure can be exploited by cybercriminals. It is difficult to measure the extent of the exploitation at this point as we may not be able to fully understand how much sensitive information has been exposed. However, a common strategy of cybercriminals is to use such sensitive information and situations like this to scam users, for example by pretending to be calling/texting/emailing from Qantas or using the sensitive information leaked to present a more convincing scenario to their victims.

 

“We certainly need better training around cybersecurity and its best practices. The software systems we rely on today are quite complex and minor changes may lead to significant issues. Therefore, we need cybersecurity trained people implementing changes carefully whenever needed under stringent protocols to ensure that inadvertent privacy breaches do not arise.”

 

For any other topics on which you may be seeking expert comment, contact the Monash University Media Unit on +61 3 9903 4840 or media@monash.edu. For more Monash media stories visit our news & events site

More from this category

  • Business Company News, Information Technology
  • 17/09/2024
  • 13:08
Jane Morgan Management

Bigtincan Holdings Receives Non-Binding Proposal from Vector Capital for Potential Take-private Transaction

Sydney, 17 September 2024 | Bigtincan Holdings Limited (ASX: BTH) (“Bigtincan” or the “Company”), a leading provider of platform for AI-powered sales enablement automation services, has received a revised non-binding proposal (the “Proposal”) from Vector Capital Management, L.P. (“Vector” or “Vector Capital”) for a potential take-private transaction. The proposal includes an offer price of A$0.20 per share, reflecting an increase from previous communications. Proposal Details & Process: Having recently engaged with several shareholders and the Company, Vector Capital has secured investment committee approval and the necessary financing commitments to proceed with a potential transaction. The proposal outlines Vector’s intent to…

  • Contains:
  • Information Technology
  • 17/09/2024
  • 09:09
Origina

Origina Strengthens Asia-Pacific Relationships and Expansion with Key Appointments

Origina, the leader in independent software maintenance for IBM, HCL, and VMware, has announced two strategic appointments to support its growth across the Asia-Pacific…

  • Contains:
  • Information Technology
  • 17/09/2024
  • 03:40
Zoom Video Communications, Inc.

Zoom for Government Platform Expands With Zoom AI Companion, Receives FedRAMP® JAB Authorization

SAN JOSE, Calif., Sept. 16, 2024 (GLOBE NEWSWIRE) -- Today, Zoom announced that The Federal Risk and Authorization Management Program (FedRAMP®) Joint Authorization Board (JAB) authorized Zoom AI Companion as a JAB Moderate system, adding to Zoom for Government’s growing list of authorized products, solidifying the company’s commitment to the U.S. government space. Most recently, Zoom Contact Center also received FedRAMP® JAB certification as part of the Zoom for Government platform, in June of 2024.Now, U.S. federal agencies, state and local municipalities, and approved businesses and organizations that support U.S. government missions with paid Zoom accounts will have a FedRAMP-authorized,…

Media Outreach made fast, easy, simple.

Feature your press release on Medianet's News Hub every time you distribute with Medianet. Pay per release or save with a subscription.