Israelis are some of the most enthusiastic globetrotters in the world, and the pandemic — difficult for many reasons in any case — has deprived them of their favorite past time.
But these travelers undoubtedly thought life was beginning finally to return to normal with the establishment of diplomatic ties between Israel and the United Arab Emirates, and direct flights between the two.
This week, a new misery has been added to the woes of the Israeli travelers.
A security breach was inadvertently discovered on the Emirati site of Sharaf Travels, where many Israelis have begun to book their vacations and obtain their visas to their exotic new destinations.
Their personal details — including the PDFs of their visa certificates — have been exposed to the eyes of others, according to a report by the Hebrew-language Channel N12 news team.
Many Israelis have already taken the opportunity to fly and vacation in Dubai, and many are still planning their upcoming trip there. A large proportion of them use websites to obtain deals, and even to purchase and issue the tourist visa required to enter the Emirates.
According to cyber expert Ido Naor, CEO of Security Joes, “A report by cyber researcher Dror Shemesh sent the N12 news team to travel agency websites in Dubai, where they found Israelis’ information leaked exposed to their eyes.
“We checked a certain website and indeed found that there was a leak: Every Israeli who issues a visa to Dubai through the website is exposed to a simple hack by hackers who can view all the details that appear and even use the PDF file of the visa itself.”
For example, the team said, when the process to issue the visa ended, an Israeli customer received a link to the PDF address of the visa itself, for the purpose of presenting or printing it. In the link, four digits appeared, and a random change in the digits led to the viewing of visa certificates by other Israelis.
“This is a serious failure that allows hackers who, of course, recognize such failures, to be exposed to the visas of many Israelis,” the news team pointed out.
“The visas of the Israelis who flew to Dubai include personal details of the Israelis, including their full name, passport photo, residential address, passport number and more. In addition, the visa file itself may be used to steal identities.”
Ido Naor contacted the National Cyber System, where they immediately contacted officials in the United Arab Emirates with a request to urgently correct the breach on this site and similar sites. The problem is currently being fixed.
“We recommend that Israelis first contact Israeli companies in order to issue visas to foreign countries,” Naor said, “and take extra care in providing information to such and other temporary sites.”