@ Home Printed Airline Boarding Passes Can Be Modified to Avoid Safety Screenings
Barcode data can be altered to allow passengers to go through the U.S. TSA's PreCheck lines with lighter security- Blogger explains how he was able to decode his own boarding pass
By DAMIEN GAYLE
Read more: http://www.dailymail.co.uk/sciencetech/article-2223652/Fears-airline-boarding-pass-barcodes-read-mobile-phone-altered-avoid-security-checks.html#ixzz2AQh600KS
Follow us: @MailOnline on Twitter | DailyMail on Facebook
Barcodes on airline boarding passes can be read using smartphones and altered to allow passengers through lighter security checks, an aviation security researcher has claimed.
The U.S. Transport Security Administration (TSA) runs a program called PreCheck which allows frequent fliers to be randomly chosen for 'expedited screening' before boarding domestic flights.
Boarding passes for travel on U.S. airlines feature barcodes which include data telling security staff whether the passenger has been chosen to go through these less stringent checks.
Vulnerability: An airline security blogger has shown how boarding pass barcodes can be read using a phone then edited to allow passengers to avoid stringent pre-flight security checks
Those selected go through dedicated screening lines which allow them to leave on their shoes, belts and jackets, keep hold of their toiletries and laptops, and avoid the controversial full-body scanners.
With passengers able to print their boarding passes before they leave home, they can use barcode readers - which are available as smartphone apps - to see whether they have been selected.
The vulnerability in the system was highlighted last week by John Butler in his aviation blog Puckinflight - where he revealed the barcode information was unencrypted.
Explaining how he has been able to decode the barcode on a boarding pass for an upcoming trip, he writes that he has published the information because he is 'seriously concerned with boarding pass security'.
He shows how the final digit in the decoded data is either a one or a three - depending on whether or not the passenger has been selected for PreCheck.
A man undergoes a pat-down during TSA security screening: Travellers selected for the agency's PreCheck programme can avoid having to remove their shoes, belts and jackets
'What terrorists or really anyone can do is use a website to decode the barcode and get the flight information, put it into a text file, change the 1 to a 3, then use another website to re-encode it into a barcode,' he writes.
'Finally, using a commercial photo-editing program or any program that can edit graphics [they can] replace the barcode in their boarding pass with the new one they created.'
Other information stored on the barcode could be changed in exactly the same way, Mr Butler explains, including the passenger name and even the flight details.
'The really scary part is this will get past both the TSA document checker, because the scanners the TSA use are just barcode decoders, they don’t check against the real time information,' he adds.
So as long as the passenger remembers to put three on the end of the data they will always get through. Mr Butler said he has contacted the TSA to report the vulnerability.
Read more: http://www.dailymail.co.uk/sciencetech/article-2223652/Fears-airline-boarding-pass-barcodes-read-mobile-phone-altered-avoid-security-checks.html#ixzz2AQfmcj2P
Follow us: @MailOnline on Twitter | DailyMail on Facebook
No comments:
Post a Comment