Slashdot Mirror


Hacker Holds Key To Free Flights

mask.of.sanity writes: "A security researcher says he has developed a method to score free flights across Europe by generating fake boarding passes designed for Apple's Passbook app. The 18-year-old computer science undergrad didn't reveal the 'bypass' which gets the holder of the fraudulent ticket past the last scanner and onto the jetway; he's saving that for his talk at Hack in the Box in Amsterdam next month."

15 of 144 comments (clear)

  1. Okay, but... by broginator · · Score: 5, Insightful

    ... how do you deal with the inevitable "Hey, you're in my seat" dilemma?

    --
    s/[stupid comments]/[intelligent discourse]/gi
    1. Re:Okay, but... by Overzeetop · · Score: 3, Interesting

      "Oh, I'm sorry - I must have grabbed the wrong row."
      "Oh, I'm sorry - they said my seat assignment was provisional because I arrived so late, I'll find another one"

      Board near the end of the boarding time and take a free center seat near the back -unless then plane is 100% full, you're golden.

      --
      Is it just my observation, or are there way too many stupid people in the world?
    2. Re:Okay, but... by wonkey_monkey · · Score: 4, Informative

      Board near the end of the boarding time and take a free center seat near the back -unless then plane is 100% full, you're golden.

      Except for the annoying habbit flight attendants have of counting the number of passengers.

      --
      systemd is Roko's Basilisk.
    3. Re:Okay, but... by Zontar_Thing_From_Ve · · Score: 3, Interesting

      Not in my last 6 flights they haven't, at least not without trying to be incredibly covert about it which I seriously doubt. All these flights were within Europe or SE Asia, I don't know if head counts are more common in other regions.

      Within the US they definitely count the passengers. I flew between Canada and Asia last year and I don't remember if they counted or not, but on flights within the USA they definitely do count. There was a rather embarrassing incident where a minor without a ticket of any kind got on a plane in the US and nobody ever did anything to make sure he was in the right place or even had a ticket for the flight. I think now all the airlines want to make sure that kind of thing never happens again, because if a kid can do it, an adult with bad intentions may be able to do ti too.

    4. Re:Okay, but... by wonkey_monkey · · Score: 4, Informative

      They count the number of passengers who got on.

      The number of passengers with tickets is usually higher.

      They don't compare the count to the number of tickets. They compare it to the number of people known to be getting on the flight, presumably these days from the number who've been scanned through security (in my airside days it was the number that had checked in at the desk, since this was before online check-in).

      --
      systemd is Roko's Basilisk.
    5. Re:Okay, but... by yakatz · · Score: 4, Funny

      This sounds like part of the plot of Home Alone 2...

    6. Re:Okay, but... by RenderSeven · · Score: 4, Funny

      Just whisper to them "Im the Sky Marshal watching that passenger over there. For everyone's safety find another seat and tell NO ONE." For bonus points, tap your non-existent shoulder holster under your sport coat.

    7. Re:Okay, but... by kyrsjo · · Score: 3, Interesting

      They count the number of passengers who got on.

      The number of passengers with tickets is usually higher.

      They don't compare the count to the number of tickets. They compare it to the number of people known to be getting on the flight, presumably these days from the number who've been scanned through security (in my airside days it was the number that had checked in at the desk, since this was before online check-in).

      .. Which this device claims to be able to get through (the jetway is after the last ticket check). So the numbers may actually match up...

    8. Re:Okay, but... by wonkey_monkey · · Score: 4, Funny

      Pfft, that's the stupid way. You count the number of legs and divide by two!

      --
      systemd is Roko's Basilisk.
    9. Re:Okay, but... by DroolTwist · · Score: 3, Funny

      (who may or may not be thrustworthy)

      As a guy, I hope I never, ever, enter this categorization.

  2. Just don't fly out of Europe by bunyip · · Score: 4, Insightful

    You might get lucky and get an empty seat. Hint - pick a center seat in the last few rows, these seats suck. However, if you fly into the US or many other countries, they will have received a passenger manifest electronically from the airline. You'll have fun when you get to customs and there's no record of you...

  3. CSS? Does my seat come with extra padding? by Anonymous Coward · · Score: 4, Funny

    Whoa, talk about floating yourself relative to your original position! If the flight is full can I just sit aligned in the center?

  4. Re:Checkin will not allow double seating by Nidi62 · · Score: 4, Informative

    Lately, when I checkin for a flight, the software in the ticket scanner checks to see if the seat has already been scanned. If it has, it'll beep, if not then it marks it as now allocated.

    The gate agents also have access to electronic versions of the passenger manifest, and newer systems even display the names of passengers that are not yet checked in/on board/awaiting seat assignment next to a seatmap of the aircraft so they can be literally dragged and dropped to assign seats. If the boarding pass fails to scan, the first thing the gate agent will notice, either by looking at the list or manually typing in the passengers name, is that no one with that name is booked on the flight, either as a paying passenger or on standby. The name would have to match up with a person assigned to the flight, otherwise they will not let you on.

    --
    The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
  5. Bullshit by aepervius · · Score: 4, Informative

    All the CKI system i know of, count the pax boarded against the pax list in the CKI system. If they find a discrepancy, they check the one in addition and ask to check the ticket. Good luck making your explaining.

    The bottom line was that the secure (relatively) thing is not the boarding pass but the ticket. Now if you could free ticket i would be downright impressed. Free boarding pass have long been known to be insecure. They are not there to be secure but to count boarded pax on the system against real boarded on plane, to be able to remove the one which are No-Show and remove their baggage.

    --
    C. Sagan : A demon haunted world:
    http://www.amazon.com/gp/product/0345409469/
    visit randi.org
  6. And confirmation of BS : by aepervius · · Score: 3, Insightful

    "He said the model used in all EU airports to check the validity of tickets was "malfunctioning" noting they lacked "direct access to the airliner database", but wouldn't be drawn on whether he tested his research by boarding a flight."

    To that I have to say only "yeah , right" as in very sarcastic. Some airline in europe have spearheaded the interline and ground handling electronic exchange between TKT and CKI systems (using edifact messages TKCREQ, TKCUAC, TKCRES) since.... 2001. Even the medium airline are using the itnerline access. only very very small airline are still using offline process like ETL list.

    That "security" researcher never checked in real life its results.

    --
    C. Sagan : A demon haunted world:
    http://www.amazon.com/gp/product/0345409469/
    visit randi.org