Slashdot Mirror


Experts Warn About Security Flaws In Airline Boarding Passes

concealment writes in with a story about a newly found security issue with the bar codes on boarding passes. "Flight enthusiasts, however, recently discovered that the bar codes printed on all boarding passes — which travelers can obtain up to 24 hours before arriving at the airport — contain information on which security screening a passenger is set to receive. Details about the vulnerability spread after John Butler, an aviation blogger, drew attention to it in a post late last week. Butler said he had discovered that information stored within the bar codes of boarding passes is unencrypted, and so can be read in advance by technically minded travelers. Simply by using a smartphone or similar device to check the bar code, travelers could determine whether they would pass through full security screening, or the expedited process."

  1. Same security for all by Kwyj1b0 · · Score: 5, Interesting

    Has anyone seen a case where a passenger is waved through security? Each time I go through, everyone in line for screening goes through the same process (then again, I am completely average and might not have seen advanced/reduced security for anyone except pilots).

    1. Re:Same security for all by GumphMaster · · Score: 5, Informative

      Once you pass passport checks the 'security' on entering Australia is to do with biological security. A US national entering from a US flight is low risk for carrying biological hazards like viable seeds, eggs, infested timber products etc. Had you entered on a flight you joined in Africa or Asia, or been a Chinese national (think suitcase full of traditional remedies), they would likely have X-rayed everything for biological matter. We have stiff penalties for failing to declare prohibited biological items.

      Security on leaving Australia bound for the US is largely dictated by US policy.

      --
      Patent litigation: A doctrine of Mutually Assured Destruction... in which everyone seems willing to push the button
    2. Re:Same security for all by fustakrakich · · Score: 5, Interesting

      It is a department with the largest scope creep I have ever seen.

      You mean aside from the CIA, NSA, IRS, DOD, FBI, the executive branch of the government, the entire government itself? It's pretty hard to quantify 'scope creep' when everybody is guilty.

      --
      “He’s not deformed, he’s just drunk!”
    3. Re:Same security for all by Joce640k · · Score: 5, Informative

      When I entered Australia as a U.S. citizen studying abroad I was waved through security. I'm still not sure why, but I don't think it had anything to do with my boarding pass showing me as definitely not a terrorist.

      You mean you were treated like a human being? In the rest of the world that's what we call "normal".

      --
      No sig today...
  2. Photoshop? by x_IamSpartacus_x · · Score: 5, Interesting

    How possible would it be to do very subtle Photoshop (or the GIMP) changes to ensure someone goes through the expedited process? Heck, terrorism aside, I'D do it just to avoid the cancer machines.

    1. Re:Photoshop? by dkleinsc · · Score: 5, Informative

      Quite possible, as Bruce Schneier explains in detail.

      --
      I am officially gone from /. Long live http://www.soylentnews.com/
  3. Re:Profiling by PerformanceDude · · Score: 5, Insightful

    Actually - for many years when I was traveling in the US, if (and only if) my boarding pass had SSSS printed on it, I would be subjected to extra screening. The SSSS would be printed in large clear letters on the document. I don't know what genius came up with that advance warning, but it sure as hell would tell a wannabe terrorist not to go through with his plan and try again some other time. The people managing these processes really need to think such things through a little bit better.

    --
    Meus subcriptio est nocens Latin quoniam bardus populus reputo is sanus callidus
  4. Re:Profiling by excelblue · · Score: 5, Interesting

    Airline employees can manually mark any boarding pass as SSSS.

    How do I know? When it was possible to fly by purposely refusing to present ID, I once flew on a ticket that was paid for by another family member. When I went to check in and check my bags, they asked for ID. I nicely told them that I prefer not to be identified and will be flying as a selectee. Person at ticket counter gives me a dirty look and responds (expectedly) that the SSSS is required if you don't present ID, but everything flowed smoothly after that. It's a shame that you can't refuse to identify yourself anymore these days.

    After that, I think I was flagged, as all my boarding passes for the next couple years had SSSS on them.

  5. Re:How long till John Butler gets arrested? by fatphil · · Score: 5, Informative

    Not likely to be long at all. Here's wikipedia's take on Chris Soghoian's tale:

    On October 26, 2006, Soghoian created a website that allowed visitors to generate fake boarding passes for Northwest Airlines. While users could change the boarding document to have any name, flight number or city that they wished, the generator defaulted to creating a document for Osama Bin Laden.

    Soghoian claimed that his motivation for the website was to focus national attention on the ease with which a passenger could evade the no-fly lists.[3] Information describing the security vulnerabilities associated with boarding pass modification had been widely publicized by others before, including Senator Charles Schumer (D-NY)[4][5] and security expert Bruce Schneier.[6] Soghoian received media attention for posting a program on his website to enable the automatic production of modified boarding passes. Democrat Edward Markey, House of Representatives committee (telecommunications and the internet) stated Soghoian should be arrested.[2]

    At 2 AM on October 28, 2006, his home was raided by agents of the FBI to seize computers and other materials.[7] Soghoian's Internet Service Provider voluntarily shut down the website, after it received a letter from the FBI claiming that the site posed a national security threat.[8] The FBI closed the criminal investigation in November 2006 without filing any charges.[9] The TSA also initiated a civil investigation in December 2006,[10][11] which was closed without any charges being filed in June 2007.[12][13]

    --
    Also FatPhil on SoylentNews, id 863
  6. The Joys Of Flying by rally2xs · · Score: 5, Interesting

    including the inability to get non-stop flights for most routes, having to pay to park in a lot that is still a 10 minute ride to the terminal, having to arrive 2 hours early to ensure getting thru security on time to board, having small innocuous items in my pockets stolen by TSA, risking having large innocuous items in my bags stolen by TSA, getting severely overcharged for food at airport terminals, getting X-rayed by someone who is not my doctor or dentist, having to do mini-marathons thru airports to make connecting flights, getting my bags lost, etc. etc. have all combined to cause me to decide to drive everywhere I go. Eventually, the Alcan Highway is going to get photographed up the wazoo, by me, 'cuz I'll drive up and ferry back. But the X-rays were the last straw, that shall not stand. I quit. You can find me on I-10 to Tucson next year, I-74 from Indy to La Crosse, I-64 to St. Louis, etc. etc. Until the unconstitutional TSA activity is removed, I will not choose to fly anywhere I can drive, or boat, or travel by train.