Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacker Holds Key To Free Flights

Posted by Soulskill on from the TSA-bans-cell-phones-and-sitting-down-in-response dept.

mask.of.sanity writes: "A security researcher says he has developed a method to score free flights across Europe by generating fake boarding passes designed for Apple's Passbook app. The 18-year-old computer science undergrad didn't reveal the 'bypass' which gets the holder of the fraudulent ticket past the last scanner and onto the jetway; he's saving that for his talk at Hack in the Box in Amsterdam next month."

24 of 144 comments (clear)

  1. Okay, but... by broginator · · Score: 5, Insightful

    ... how do you deal with the inevitable "Hey, you're in my seat" dilemma?

    --
    s/[stupid comments]/[intelligent discourse]/gi
    1. Re:Okay, but... by Overzeetop · · Score: 3, Interesting

      "Oh, I'm sorry - I must have grabbed the wrong row."
      "Oh, I'm sorry - they said my seat assignment was provisional because I arrived so late, I'll find another one"

      Board near the end of the boarding time and take a free center seat near the back -unless then plane is 100% full, you're golden.

      --
      Is it just my observation, or are there way too many stupid people in the world?
    2. Re:Okay, but... by wonkey_monkey · · Score: 4, Informative

      Board near the end of the boarding time and take a free center seat near the back -unless then plane is 100% full, you're golden.

      Except for the annoying habbit flight attendants have of counting the number of passengers.

      --
      systemd is Roko's Basilisk.
    3. Re:Okay, but... by Plumpaquatsch · · Score: 2

      Go sit in the bathroom until after they count?

      But don't close the door, else they count the occupied booth.

      --
      Of course news about a fake are Fake News.
    4. Re:Okay, but... by Anonymous Coward · · Score: 2, Funny

      "Oh, I'm sorry - I must have grabbed the wrong row."
      "Sir, let me confirm your name with the flight manifest."
      "Oh, I...um..."
      (radios for security, man goes to prison under terrorism charges)

    5. Re:Okay, but... by Deadstick · · Score: 2

      ...and it's not very hard to be covert when all you have to do is count the empty seats and subtract.

    6. Re:Okay, but... by Zontar_Thing_From_Ve · · Score: 3, Interesting

      Not in my last 6 flights they haven't, at least not without trying to be incredibly covert about it which I seriously doubt. All these flights were within Europe or SE Asia, I don't know if head counts are more common in other regions.

      Within the US they definitely count the passengers. I flew between Canada and Asia last year and I don't remember if they counted or not, but on flights within the USA they definitely do count. There was a rather embarrassing incident where a minor without a ticket of any kind got on a plane in the US and nobody ever did anything to make sure he was in the right place or even had a ticket for the flight. I think now all the airlines want to make sure that kind of thing never happens again, because if a kid can do it, an adult with bad intentions may be able to do ti too.

    7. Re:Okay, but... by wonkey_monkey · · Score: 4, Informative

      They count the number of passengers who got on.

      The number of passengers with tickets is usually higher.

      They don't compare the count to the number of tickets. They compare it to the number of people known to be getting on the flight, presumably these days from the number who've been scanned through security (in my airside days it was the number that had checked in at the desk, since this was before online check-in).

      --
      systemd is Roko's Basilisk.
    8. Re:Okay, but... by yakatz · · Score: 4, Funny

      This sounds like part of the plot of Home Alone 2...

    9. Re:Okay, but... by RenderSeven · · Score: 4, Funny

      Just whisper to them "Im the Sky Marshal watching that passenger over there. For everyone's safety find another seat and tell NO ONE." For bonus points, tap your non-existent shoulder holster under your sport coat.

    10. Re:Okay, but... by kyrsjo · · Score: 3, Interesting

      They count the number of passengers who got on.

      The number of passengers with tickets is usually higher.

      They don't compare the count to the number of tickets. They compare it to the number of people known to be getting on the flight, presumably these days from the number who've been scanned through security (in my airside days it was the number that had checked in at the desk, since this was before online check-in).

      .. Which this device claims to be able to get through (the jetway is after the last ticket check). So the numbers may actually match up...

    11. Re:Okay, but... by kyrsjo · · Score: 2

      Usually they go down the aisle with a "clicker" - usually not very covert. The plane doesn't take off before the numbers match.

      On a flight I was on, the numbers didn't match up, so they went through the cabin with a list of all passengers, asking each of us to tell them their last name (which they crossed off from their list), in order to figure out who wasn't inside the plane.

    12. Re:Okay, but... by wonkey_monkey · · Score: 4, Funny

      Pfft, that's the stupid way. You count the number of legs and divide by two!

      --
      systemd is Roko's Basilisk.
    13. Re:Okay, but... by plover · · Score: 2

      Are you afraid of the whole "shoot out a window and Hollywood makes it seem as if the plane will empty itself via the hole" scenario? Mythbusters tested it. No, the plane doesn't explosively decompress, the passengers don't get sucked out the window. Basically, the results are "it's loud". Much more of a problem is that everyone's panicking and screaming because someone is shooting a gun.

      --
      John
    14. Re:Okay, but... by DroolTwist · · Score: 3, Funny

      (who may or may not be thrustworthy)

      As a guy, I hope I never, ever, enter this categorization.

  2. Just don't fly out of Europe by bunyip · · Score: 4, Insightful

    You might get lucky and get an empty seat. Hint - pick a center seat in the last few rows, these seats suck. However, if you fly into the US or many other countries, they will have received a passenger manifest electronically from the airline. You'll have fun when you get to customs and there's no record of you...

  3. CSS? Does my seat come with extra padding? by Anonymous Coward · · Score: 4, Funny

    Whoa, talk about floating yourself relative to your original position! If the flight is full can I just sit aligned in the center?

  4. Re:Welcome to the No-Fly List by Anonymous Coward · · Score: 2, Funny

    First rule of Flight Club is..

    You do not talk about FLIGHT CLUB.

    Second rule is..

    You do not talk about FLIGHT CLUB.

  5. Picking a seat is easy by ugen · · Score: 2

    Seat maps are now available online realtime for most major airlines. So there is no need to guess - you can pick a right flight and an empty seat, do it right before the departure and it will likely remain empty.

    On the other hand, my impression of gate check was that it checks boarding pass against database record of name/reservation/seat assignment. Certainly any other information maintained by gate agents is in the same remote database (such that any changes they perform at the gate become instantly visible online, for example standby and upgrade list status). So, no matter what the "local hack" is, it would only work if either:
    - He can also hack remote passenger database (unlikely)
    - Specific airline does not check passengers against the database and trusts properly constructed boarding pass (also unlikely, at least in US, as there needs to be positive match between passenger and loaded luggage that has to be performed based on that darn remote record).

    There is also pesky passenger manifest with names, which again comes not from your boarding pass but from the remote system (though they need to reconcile with with reality).

    Let's wait and see. Perhaps some of these conditions don't hold in Europe for whatever reason?

    1. Re:Picking a seat is easy by kuiken · · Score: 2

      On the budget airlines there are no seat assignments, you can pay extra to get in the first queue. Once the gate opens its a dash for the 'best' seats

      --

      42
  6. Re:Checkin will not allow double seating by Nidi62 · · Score: 4, Informative

    Lately, when I checkin for a flight, the software in the ticket scanner checks to see if the seat has already been scanned. If it has, it'll beep, if not then it marks it as now allocated.

    The gate agents also have access to electronic versions of the passenger manifest, and newer systems even display the names of passengers that are not yet checked in/on board/awaiting seat assignment next to a seatmap of the aircraft so they can be literally dragged and dropped to assign seats. If the boarding pass fails to scan, the first thing the gate agent will notice, either by looking at the list or manually typing in the passengers name, is that no one with that name is booked on the flight, either as a paying passenger or on standby. The name would have to match up with a person assigned to the flight, otherwise they will not let you on.

    --
    The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
  7. Iron Man challenge by Kamamura · · Score: 2, Funny

    For hackers with balls, try that on Air Force One.

    "Hey, Mr. President, this is my seat!"

  8. Bullshit by aepervius · · Score: 4, Informative

    All the CKI system i know of, count the pax boarded against the pax list in the CKI system. If they find a discrepancy, they check the one in addition and ask to check the ticket. Good luck making your explaining.

    The bottom line was that the secure (relatively) thing is not the boarding pass but the ticket. Now if you could free ticket i would be downright impressed. Free boarding pass have long been known to be insecure. They are not there to be secure but to count boarded pax on the system against real boarded on plane, to be able to remove the one which are No-Show and remove their baggage.

    --
    C. Sagan : A demon haunted world:
    http://www.amazon.com/gp/product/0345409469/
    visit randi.org
  9. And confirmation of BS : by aepervius · · Score: 3, Insightful

    "He said the model used in all EU airports to check the validity of tickets was "malfunctioning" noting they lacked "direct access to the airliner database", but wouldn't be drawn on whether he tested his research by boarding a flight."

    To that I have to say only "yeah , right" as in very sarcastic. Some airline in europe have spearheaded the interline and ground handling electronic exchange between TKT and CKI systems (using edifact messages TKCREQ, TKCUAC, TKCRES) since.... 2001. Even the medium airline are using the itnerline access. only very very small airline are still using offline process like ETL list.

    That "security" researcher never checked in real life its results.

    --
    C. Sagan : A demon haunted world:
    http://www.amazon.com/gp/product/0345409469/
    visit randi.org