Air France-KLM 6-char short code

Benjamin W. Broersma

Playlists: '37c3-meta' videos starting here / audio

Air France-KLM 6-char short code
What could go wrong?
What did go wrong more...

Air France-KLM was vulnerable because they used 6-char short codes in links for text messages. No security question was needed to read detailed trip data, including names, ticket prices, and sometimes passport data and visa data.
How large was the breach?
What more was 'interesting'?
Is it now fixed?
List of failures and questions.