Hacker Uses Fake Boarding Pass App To Get Into Fancy Airline Lounges (helpnetsecurity.com)

← Back to Stories (view on slashdot.org)

Hacker Uses Fake Boarding Pass App To Get Into Fancy Airline Lounges (helpnetsecurity.com)

Posted by BeauHD on Monday August 8, 2016 @12:10PM from the outsmarting-machines dept.

An anonymous reader quotes a report from Help Net Security: Przemek Jaroszewski, the head of Poland's Computer Emergency Response Team (CERT), says anyone can bypass the security of the automated entrances of airlines' airport lounges by using a specially crafted mobile app that spoofs boarding pass QR codes. He created one for himself, and successfully tried it out on a number of European airports. Usually, to enter these lounges, travelers need to let the scanner at the entrance scan the QR code on their boarding pass, and the doors open automatically. Jaroszewski created an Android app that creates fake but acceptable QR codes. He says that aside from a valid flight number, the QR code doesn't have to include correct information (traveller's name, flight destination, etc.). According to WIRED, the U.S. Transportation Security Administration (TSA) and the International Air Transport Association (IATA) don't consider this particular issue a problem that needs fixing. They said "any such boarding pass security flaw would be the airlines' issue." Here is an unlisted video of the hack in action.

55 comments

Min score:

Reason:

Sort:

Airport lounges suck by Dunbal · 2016-08-08 12:16 · Score: 1

Ever since they let anyone with a "gold" credit card get into airport lounges there's not much difference between that and the regular waiting area. Now they need to make a real first class lounge for people who actually have first class tickets.

--
Seven puppies were harmed during the making of this post.
1. Re:Airport lounges suck by bloodhawk · 2016-08-08 12:20 · Score: 1
  
  Not sure which part of the world you are from that doesn't already have this, but in most areas there are separate lounges for regular lounge guests and business and in many a 3rd separate one for First Class.
2. Re:Airport lounges suck by PPH · 2016-08-08 12:39 · Score: 4, Funny
  
  Because nobody could figure out a way to scam freebies off airlines first class programs.
  
  --
  Have gnu, will travel.
3. Re:Airport lounges suck by Jeremiah+Cornelius · 2016-08-08 13:24 · Score: 1
  
  I really DO have to agree. None of them are really "fancy".
  
  --
  "Flyin' in just a sweet place,
  Never been known to fail..."
4. Re:Airport lounges suck by cliffjumper222 · 2016-08-08 14:33 · Score: 4, Informative
  
  Yup. I'm lucky that my employer pays for biz class for intl flights over 9 hours, so I see a few of them. IMO, the red carpet club is the worst, usually packed with sweaty folks trying to shovel as many of the trail mix snacks and coffee they can into their gobs. The "bar" is useless and sternly managed by a crone in a vest. Don't forget the obligatory USD 1 tip or she'll get grumpy. Tokyo and SFO are the worst. If you're smart, you'll find another airline's Gold lounge where they let you pour your own and eat real food. ANA is okay and has the magic beer pouring machine, EVA is good and generous with the booze. The best are the first-class lounges though, which I've only been in rarely as a guest of a super-miler. EVA's in Taipei was really good. The best overall lounge so far was Virgin's biz lounge in Hong Kong. I ate everything they had on the menu and their martinis were great.
5. Re:Airport lounges suck by AK+Marc · 2016-08-08 14:35 · Score: 1
  
  I've been in the "1st class" lounges in the US and Australia, and they lump in all the eligible people into a single lounge.
  
  There are some concierge services that require showing higher permissions, but those are few, and inconsistent.
  
  --
  Learn to love Alaska
6. Re:Airport lounges suck by GNious · 2016-08-08 20:07 · Score: 1
  
  As a frequent flyer, I don't need them to be fancy, just to be quieter than the main areas, to have some snacks, a shower, a clean toilet, comfortable chairs ...
7. Re:Airport lounges suck by JaredOfEuropa · 2016-08-08 20:40 · Score: 1
  
  I heard good things about Virgin. A while ago I made regular trips from Amsterdam to Tokyo on KLM, with a few co-workers flying in from London on Virgin. After their description of the lounge and the in-flight service I was sorely tempted to grab a flight to London on my own dime and hop on that Virgin flight instead of sticking with KLM, just to experience a service where people actually make an effort (KLM isn't terrible, but it feels like they always do as little as they can get away with).
  
  --
  If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
8. Re:Airport lounges suck by quenda · 2016-08-08 20:49 · Score: 2
  
  I've been in the "1st class" lounges in the US and Australia,
  
  Not sure where you are, but out West, the lounge that was once full of business travellers in suits is now full of FIFOs (fly-in, fly-out mine workers), many in safety-boots and hi-vis clothing. Times have changed.
9. Re: Airport lounges suck by Anonymous Coward · 2016-08-08 21:10 · Score: 0
  
  Why is this modded down? The guy has a point.
10. Re: Airport lounges suck by Anonymous Coward · 2016-08-08 21:11 · Score: 0
  
  Clearly you've never encountered eurotrash.
11. Re:Airport lounges suck by AK+Marc · 2016-08-08 22:05 · Score: 1
  
  I've not flown out to WA. Only to the major cities on the other side. QLD, VIC, NSW. Frequent flier qualifiers fill the lounge. The days of the lounges golding only 1st class ticket holders is long since over. Or I'd never see the inside of them.
  
  --
  Learn to love Alaska
12. Re: Airport lounges suck by greenfruitsalad · 2016-08-08 22:25 · Score: 1
  
  Thomas Cook tourists from England. Drunk, loud, red sunburnt skin, loud, messy, loud, zero manners, loud. An absolute menace at every holiday destination. Almost as bad as rich Russians who think everything is theirs to damage and everybody is there to serve them only.
13. Re:Airport lounges suck by mjwx · 2016-08-08 23:09 · Score: 2
  
  I've been in the "1st class" lounges in the US and Australia, and they lump in all the eligible people into a single lounge. There are some concierge services that require showing higher permissions, but those are few, and inconsistent.
  That's US and Australian airlines. People who travel on those airlines are so classless they could be a communist utopia.
  
  Try flying someone like Singapore, they separate their business and first class lounges and their business class lounges are better than any others I've seen, especially in Changi.
  
  Then again, there isn't a credit card I know of that will get you entry (unless it's paying a fee) so you need to have a business class ticket or be a Krisflyer member with status... which you only get with flying Singapore with some regularity.
  
  --
  Calling someone a "hater" only means you can not rationally rebut their argument.
14. Re:Airport lounges suck by AmiMoJo · 2016-08-08 23:40 · Score: 1
  
  EVA's in Taipei was really good.
  They made you sit OUTSIDE the fuselage? What was economy class like?!?
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
15. Re: Airport lounges suck by Anonymous Coward · 2016-08-09 01:13 · Score: 0
  
  But English holidaymakers can't possibly pass as white. Not on their way back, anyway. Boiled lobster, scarlet, even vermilion, but definitely not white.
16. Re:Airport lounges suck by jittles · 2016-08-09 01:29 · Score: 1
  
  I heard good things about Virgin. A while ago I made regular trips from Amsterdam to Tokyo on KLM, with a few co-workers flying in from London on Virgin. After their description of the lounge and the in-flight service I was sorely tempted to grab a flight to London on my own dime and hop on that Virgin flight instead of sticking with KLM, just to experience a service where people actually make an effort (KLM isn't terrible, but it feels like they always do as little as they can get away with).
  The fanciest service I've ever had from an airline was by KLM. It was in business class where they served breakfast on fine china for a 50 minute flight. Of course, that was a decade ago so perhaps they aren't nearly as fancy any more? I fly first on United and Delta from time to time and it has never ever been as amazing as that one flight by KLM. The lounges are great for long flights but I don't ever bother on domestic travel. Oh how times have changed.
17. Re:Airport lounges suck by TechyImmigrant · 2016-08-09 02:20 · Score: 1
  
  Before a 1st class flight to Korea from the US (I think from Chicago) I found myself being directed to a first class lounge as I started in the direction of the lounge. It wasn't like they said "The first class lounge is over here if you care to use it", it was more a case of being told "No, don't even think of going to the usual lounge. Get in this elevator right now".
  It was not different to the usual lounge, except for being smaller and less worn down by masses of people. But they were very insistent that I be in it.
  
  --
  I should use this sig to advertise my book ISBN-13 : 978-1501515132.
18. Re:Airport lounges suck by TechyImmigrant · 2016-08-09 02:27 · Score: 1
  
  I heard good things about Virgin. A while ago I made regular trips from Amsterdam to Tokyo on KLM, with a few co-workers flying in from London on Virgin. After their description of the lounge and the in-flight service I was sorely tempted to grab a flight to London on my own dime and hop on that Virgin flight instead of sticking with KLM, just to experience a service where people actually make an effort (KLM isn't terrible, but it feels like they always do as little as they can get away with).
  The fanciest service I've ever had from an airline was by KLM. It was in business class where they served breakfast on fine china for a 50 minute flight. Of course, that was a decade ago so perhaps they aren't nearly as fancy any more? I fly first on United and Delta from time to time and it has never ever been as amazing as that one flight by KLM. The lounges are great for long flights but I don't ever bother on domestic travel. Oh how times have changed.
  Rather more recently (last December) I took business class to Guanzhou, China on China Southern airlines. It was the best international business class I've been in, and I've been in a few. In contrast, I came back on business class with Canadian airlines and it was the worst international business class I've been in.
  
  --
  I should use this sig to advertise my book ISBN-13 : 978-1501515132.
19. Re:Airport lounges suck by Cederic · 2016-08-09 05:43 · Score: 1
  
  Virgin's 'upper class' lounge in LAX do a nice burger and don't charge you for vodka.
  It's just not worth the extra $1500 on the flight.
20. Re:Airport lounges suck by TheSync · 2016-08-09 07:35 · Score: 1
  
  The Virgin "Upper Class" section across the Atlantic has a bar you can sit at. Pretty cool.
  But flying on these little airlines freak me out because a bad weather delay can really mess you up if there are just a few flights per day.
21. Re:Airport lounges suck by bloodhawk · 2016-08-09 11:34 · Score: 1
  
  Australia has separate standard, business and first class lounges at "most" airports too.
22. Re: Airport lounges suck by GodGell · 2016-08-15 23:59 · Score: 1
  
  Thomas Cook tourists from England. Drunk, loud, red sunburnt skin, loud, messy, loud, zero manners, loud. An absolute menace at every holiday destination. Almost as bad as rich Russians who think everything is theirs to damage and everybody is there to serve them only.
  As somebody who lives in Central Europe (which, to most Brits, is apparently the same thing as Eastern Europe), I can fully attest to your observations. British tourists are incredibly uncultured and rude compared to pretty much all other tourists you see around here. Which is quite funny when you think about how, historically, they tended to portray themselves as more sophisticated than other folk*. Rich Russians are a menace, especially if they're anywhere near a car, but they have a niveau of behavior your average Brit could only dream of.
  [*] I once even heard a group of them outright declaring that they're the "best" people in the Universe, and that "we've kicked these guys' arses every time we came here" (never mind that this country has never been at war with Britain). They then proceeded to threaten the nightclub owner (who threw them out of his club, hence the argument) to go to the British embasssy and "you'll see what happens". They were bloody serious too; I wish I could say this was an isolated incident, but these things happen practically all summer, every summer, if you live in a touristy city.
  
  --
  [SHOW SOME LENIENCY TOWARDS ... I mean, FUCK BETA] Eat. Survive. Reproduce. GOTO 10
Fraud by Anonymous Coward · 2016-08-08 12:22 · Score: 1

Jaroszewski is playing a dangerous game and at no less than airports! Fraud is dishonesty calculated for advantage. Authorities are never sympathetic of people showing up their shortcomings. Jaroszewski may find they throw the book at him. It took the Intel "hacker" 12 years to clear his name and he was one the "lucky" ones. http://www.computing.co.uk/ctg...
1. Re:Fraud by Gadget_Guy · 2016-08-08 13:44 · Score: 1
  
  Oh, yes. I'm sure the head of Poland's Computer Emergency Response Team would be worried about having the authorities throw the book at him. Especially when the authorities say that this is not something that they care about and it is up to the airlines to worry about it.
  Surely if anyone says that they were "just testing the security" then it would be him.
2. Re:Fraud by lucm · 2016-08-08 14:26 · Score: 1, Insightful
  
  I don't know what is the purpose of the Poland Computer Emergency Response Team. Protecting the local companies who offer cheap IT labor against the Indian hackers who work for the competition?
  
  --
  lucm, indeed.
3. Re:Fraud by Anonymous Coward · 2016-08-08 14:53 · Score: 0
  
  Jaroszewski is playing a dangerous game and at no less than airports! Fraud is dishonesty calculated for advantage. Authorities are never sympathetic of people showing up their shortcomings. Jaroszewski may find they throw the book at him. It took the Intel "hacker" 12 years to clear his name and he was one the "lucky" ones. http://www.computing.co.uk/ctg...
  
  Fraud is "gaining a financial advantage by deception". "Authorities" frequently don't give a fuck.
  You can return to your fantasy now...
4. Re:Fraud by Anonymous Coward · 2016-08-08 17:40 · Score: 0
  
  That site requires you to create an account just to read the article. Fuck that noise.
5. Re:Fraud by Skorpion · 2016-08-08 18:12 · Score: 1
  
  They're fighting Russian hackers and Russian, American and Israeli spies (APT-s). Read their reports.
6. Re:Fraud by lucm · 2016-08-08 18:27 · Score: 0
  
  They're fighting Russian hackers and Russian, American and Israeli spies (APT-s). Read their reports.
  Yeah I'm sure there's a small army of NSA spies hidden in a room somewhere trying to "hack" Poland and steal all that valuable data. They probably sit next to the black ops team that's planning a coup in Cape Verde.
  
  --
  lucm, indeed.
7. Re:Fraud by Anonymous Coward · 2016-08-08 18:39 · Score: 1
  
  Many CERTs are not part of the government. The Polish one is an academic institute whose charter allows security research but *not* for mounting attacks or committing fraud "in the name of research", and *nothing* about investigating airport security. He also went public with his findings which they never like. Depends on his relationship with the authorities, but Poland has a right wing government which has been cracking down on free speech. To cover his ass he should have got permission first.
8. Re:Fraud by Anonymous Coward · 2016-08-08 18:45 · Score: 0
  
  Using a fake pass to gain access to services he'd otherwise have to pay for is financial advantage. He also said he used it at a number of European airports outside of Poland.
9. Re:Fraud by Ash-Fox · 2016-08-08 20:38 · Score: 1
  
  They're fighting Russian hackers and Russian, American and Israeli spies (APT-s). Read their reports.
  According to their reports, they were fighting people like anti-ACTA activists, anti-fascism protests, anonymous activists and some bitcoin monitoring... Beyond that, I didn't really find much of anything that wasn't already being addressed by better other organizations, such as the large botnets or advertising spammers.
  
  --
  Change is certain; progress is not obligatory.
10. Re:Fraud by Ash-Fox · 2016-08-08 20:46 · Score: 1
  
  Yeah I'm sure there's a small army of NSA spies hidden in a room somewhere trying to "hack" Poland and steal all that valuable data.
  I remember some years back (probably around 2004), when a secret list of CIA operatives was leaked to the public in Poland and how everyone seem unsurprised that there were CIA agents penetrating all levels of the Polish government. It wouldn't surprise me if that's how they got the secret CIA "interrogation center" (torture site) authorized originally.
  
  --
  Change is certain; progress is not obligatory.
11. Re:Fraud by greenfruitsalad · 2016-08-08 23:11 · Score: 1
  
  he's not in "the land of the free", so walking through a lounge is unlikely to get him into any serious trouble. good luck proving he did anything other than walk through it. had this happened in the US of A, i'd fully expect him to be locked up on terrorism charges.
Unlisted video? by Anonymous Coward · 2016-08-08 12:35 · Score: 1

What's the significance of an "unlisted video?" It's linked right there and from dozens of other websites. That's like saying I have an unlisted phone number and putting it up on a billboard.
1. Re:Unlisted video? by Anonymous Coward · 2016-08-08 12:41 · Score: 0, Funny
  
  That's like saying I have an unlisted phone number and putting it up on a billboard.
  It's exactly like that. Good job, Poindexter.
2. Re:Unlisted video? by AK+Marc · 2016-08-08 15:18 · Score: 2
  
  He posted it as "unlisted" in an attempt to reduce legal liability. It won't help, if he gets in legal trouble, but it makes him feel better.
  
  --
  Learn to love Alaska
Did he get onboard a flight he didnt pay for? by known_coward_69 · 2016-08-08 12:43 · Score: 1

Otherwise the only security flaw is paying for overpriced food and drinks
1. Re: Did he get onboard a flight he didnt pay for? by _merlin · 2016-08-08 13:20 · Score: 2
  
  I don't know where you live, but around here the food and drinks are free in the airline lounges.
2. Re: Did he get onboard a flight he didnt pay for? by Cochonou · 2016-08-08 17:24 · Score: 1
  
  You will find many lounges over the world which do not offer everything for free.
3. Re: Did he get onboard a flight he didnt pay for? by _merlin · 2016-08-08 19:39 · Score: 1
  
  Then what do they offer over the general waiting area? the whole attraction of airline lounges here is free food/booze/showers.
4. Re: Did he get onboard a flight he didnt pay for? by TechyImmigrant · 2016-08-09 03:06 · Score: 1
  
  Then what do they offer over the general waiting area? the whole attraction of airline lounges here is free food/booze/showers.
  No. The attraction is basic amenities and separation from the thronging masses.
  
  --
  I should use this sig to advertise my book ISBN-13 : 978-1501515132.
Quick HowTo by rworne · 2016-08-08 13:35 · Score: 5, Informative

Nothing that's a big secret about this.
Download the IATA Resolution 792, you'll see in section 2.5 the data structure of the bar code for a boarding pass. Then generate the necessary barcode from the resulting ASCII string.
You'll probably need to check the Internet archive, because these resolutions were freely downloadable until a couple of years ago and then they were put behind a paywall... Free to $1500-$4500? Really?
You can use this to generate airline boarding passes too, but all the mobile passes I have seen have a digital signature appended to the end of it. The paper ones they hand out at the airport lack a digital signature.
Oh, and United Clubs actually look up your flight info, FYI.

--
I tried every decent and legal way I could think of to resolve the issue w/the business before I rented the chicken suit
1. Re:Quick HowTo by rworne · 2016-08-08 13:59 · Score: 1
  
  It's missing a bunch of info such as what's legal data for each field, and the missing documents fill you in on a few of those. Even so, they are also incomplete.
  But yes, that's a good start.
  It took me quite a long time to figure out the codes for some fields, like TSAPre and Secondary Screening. The first because I had one, the second only from someone who posted in their blog about being mishandled by the TSA and helpfully posted a picture of the boarding pass with the barcode.
  
  --
  I tried every decent and legal way I could think of to resolve the issue w/the business before I rented the chicken suit
2. Re:Quick HowTo by edtice1559 · 2016-08-09 01:47 · Score: 1
  
  Yes, this must be a European technique. I've only been to a few lounges (I usually fly Southwest and they don't have such a thing), but always there has been a person who checked me in. The needed ID and boarding pass and I assume that they somehow matched that to the flight.
Comment removed by account_deleted · 2016-08-08 13:46 · Score: 1

Comment removed based on user account deletion
Scene: Meeting of Polish Government Officials by Anonymous Coward · 2016-08-08 21:20 · Score: 1

Polish Government Official #1: Shall we give President Bush everything he wants, y'all?
Polish Government Official #2: Howdy. A Big Yesiree!
Polish Government Official #3: Like totally, man...
(Awkward Silence)
Polish Government Official #1: Are there any real Pollacks here or are we all plants?
Best way to fix it.. by Anonymous Coward · 2016-08-09 01:25 · Score: 1

Spread the app as far and wide as possible.
Once the lounges get overcrowded, watch them react.
1. Re: Best way to fix it.. by im_thatoneguy · 2016-08-09 04:11 · Score: 1
  
  So the best way to fix a non problem is to make it a problem?
WAIT WAIT so according to FBI Slashdot by Anonymous Coward · 2016-08-09 06:03 · Score: 0

Hackers..
Planes...
They could BE ANYWHERE NOW!?
fuck.