Security & Trust Center

For over two decades, Simpleway has been protecting critical airport and transit infrastructure worldwide. We continuously monitor and protect Airport.cx systems to ensure the reliability and security of your operations, employing advanced security practices, maintaining 24/7 monitoring, and regularly updating our defenses against evolving threats.

Transparency is core to our security philosophy. This page provides a complete history of security-related incidents, our response, and the measures taken to protect your systems.

If you notice suspicious activity or have security concerns, please contact our support team through your established channels.

Security Collaboration Rewards

Your expertise helps protect passenger experience of millions of travelers worldwide. We actively partner with security researchers and generously compensate those who help us identify vulnerabilities before they can be exploited.

20 years of securing airports taught us that the best defense is collaboration with talented researchers like you.

FAIR REWARDS | DIRECT IMPACT | QUICK RESPONSE | PROFESSIONAL RESPECT

What We're Looking For

  • Vulnerabilities in Airport.cx platform and infrastructure

  • Security issues in display and announcement systems

  • Authentication or authorization bypasses

  • Data exposure or injection vulnerabilities

  • API and integration security flaws

  • You can send us email to security@simpleway.global.

    Email may be encrypted to:

    OpenPGP key F9A1 CDE2 063B 7C4C 8017 24E6 940F DBA0 6043 290F

    https://keys.openpgp.org/vks/v1/by-fingerprint/F9A1CDE2063B7C4C801724E6940FDBA06043290F

Past incidents

  • On October 14–15, 2025, Simpleway experienced a security incident that briefly affected certain public-announcement and display systems at select customer locations. The issue was contained promptly, and service was fully restored within three hours.

    Summary

    An administrative account was compromised despite multi-factor authentication being enabled. The attacker’s actions were limited to displaying unauthorized audio and visual content. There is no evidence that any customer data was accessed, altered, or exfiltrated, and no system control occurred beyond content manipulation.

    Remediation

    All affected systems were isolated, verified, and restored. Access controls and credentials have been rotated and further hardened, with IP-based restrictions implemented for administrative interfaces. A full review of infrastructure and audit logs is ongoing. We have also notified the relevant cybersecurity authorities as part of our standard incident-response process.