Hacker holds key to free flights

Powered by SC Magazine

Claims to generate boarding passes with Apple Passbook.

A security boffin claims to have developed a method to score free flights across Europe by generating fake boarding passes designed for Apple's Passbook app.

AnthonyHariton, an 18 year-old computer science undergrad from the University of Crete in Greece, gave a sneak peek into his upcoming presentation on the topic at the Hack in the Box conference on May 29 event in Amsterdam.

Hariton (@DaKnObCS) revealed a bypass he claims to affect the ticket scanners used before passengers step onto the jetway to board a plane.

Anyone with knowledge of the bypass can board a plane from a European Union airport to a destination of their choice by creating a fake boarding pass within Apple's Passbook app, he said.

The feat, the efficacy of which cannot be verified directly by SC Magazine, has stumped Europe's aviation authority. The boarding gate scanners should reconcile a passengers' ticket with the airline's departure database to ensure only legitimate passengers board.

“Airports have scanners at the boarding gates (and many are implementing these prior to security checks) whereby the data scanned is matched against the airlines’ departure control system to reconcile the passengers on board the flights against those booked on the flight," International Air Transport Association communications officer Albert Tjoeng said.

"In fact, following the introduction of bar coded boarding passes six years ago, airports have automated the reconciliation process of the boarding pass and the passenger list at the boarding gates."

And if that system were to black out, operators revert to manual checks. All of this means the boarding gate is the end of the road for fake tickets.

But Hariton dismissed the agency's response.

He said the model used in all EU airports to check the validity of tickets was "malfunctioning" noting they lacked "direct access to the airliner database", but wouldn't be drawn on whether he tested his research by boarding a flight.

Hariton said he developed a 'simple' technique to produce the boarding passes using CSS and JavaScript within a web browser.

The tickets could be passed to the Apple Passbook using an application programming interface built to allow software developers to pass tickets and coupons to the app.

Passengers with phony passes in hand only run the risk that the aircraft they intend to board may be fully booked, the hacker said.

"Currently, if you get into a completely booked flight and you have no place to sit, it will obviously be detected," he said.

Copyright © iTnews.com.au . All rights reserved.

Hacker holds key to free flights
Image: Alexander Luu.
Top Stories
Empty terminals and mountains of data
Qantas CIO Luc Hennekens says no-one is safe from digital disruption.
BoQ takes $10m hit on Salesforce CRM
Regulatory hurdles end cloud pilot.
Toll Group to go Google
Poaches Woolworths project manager.
Image: Alexander Luu.
Sign up to receive iTnews email bulletins
Latest Comments
Who do you trust most to protect your private data?

   |   View results
Your bank
Your insurance company
A technology company (Google, Facebook et al)
Your telco, ISP or utility
A retailer (Coles, Woolworths et al)
A Federal Government agency (ATO, Centrelink etc)
An Australian law enforcement agency (AFP, ASIO et al)
A State Government agency (Health dept, etc)

Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
I DON'T support shutting the OAIC.