And yet another security flaw with boarding passes

Discussion in 'Travel Technology' started by viguera, Dec 16, 2014.  |  Print Topic

  1. viguera
    Original Member

    viguera Gold Member

    Messages:
    4,737
    Likes Received:
    6,913
    Status Points:
    4,745
    Seems like you can easily change the URL and view someone else's boarding pass...

    The QR code also encodes the name in plain text, so when the TSA guy scans it they see your name and compare it with the name on the boarding pass and your ID.

    A more nefarious person could easily encode their own name on a QR code and basically have a valid boarding pass, complete with their name, but with someone else's PNR.

    I can't see any more "layers" of security that would prevent you from a) getting through airport security or b) boarding the plane with someone else's boarding pass, if you have the stones for it. :)

    http://mashable.com/2014/12/16/delta-security-flaw/
     
    adrianors, Newscience and uggboy like this.
  2. Wandering Aramean
    Original Member

    Wandering Aramean Gold Member

    Messages:
    28,220
    Likes Received:
    61,766
    Status Points:
    20,020
    The barcode has the name in plain text but is also has a hash would be invalidated if you alter the name field. That would alert when scanned by the TSA.

    It used to be possible to change those on paper BPs if you saved the HTML source code as they didn't always include the hash, but the mobile ones always have AFAIK.
     

Share This Page