Hacker holds key to free flights

Powered by SC Magazine

Claims to generate boarding passes with Apple Passbook.

A security boffin claims to have developed a method to score free flights across Europe by generating fake boarding passes designed for Apple's Passbook app.

AnthonyHariton, an 18 year-old computer science undergrad from the University of Crete in Greece, gave a sneak peek into his upcoming presentation on the topic at the Hack in the Box conference on May 29 event in Amsterdam.

Hariton (@DaKnObCS) revealed a bypass he claims to affect the ticket scanners used before passengers step onto the jetway to board a plane.

Anyone with knowledge of the bypass can board a plane from a European Union airport to a destination of their choice by creating a fake boarding pass within Apple's Passbook app, he said.

The feat, the efficacy of which cannot be verified directly by SC Magazine, has stumped Europe's aviation authority. The boarding gate scanners should reconcile a passengers' ticket with the airline's departure database to ensure only legitimate passengers board.

“Airports have scanners at the boarding gates (and many are implementing these prior to security checks) whereby the data scanned is matched against the airlines’ departure control system to reconcile the passengers on board the flights against those booked on the flight," International Air Transport Association communications officer Albert Tjoeng said.

"In fact, following the introduction of bar coded boarding passes six years ago, airports have automated the reconciliation process of the boarding pass and the passenger list at the boarding gates."

And if that system were to black out, operators revert to manual checks. All of this means the boarding gate is the end of the road for fake tickets.

But Hariton dismissed the agency's response.

He said the model used in all EU airports to check the validity of tickets was "malfunctioning" noting they lacked "direct access to the airliner database", but wouldn't be drawn on whether he tested his research by boarding a flight.

Hariton said he developed a 'simple' technique to produce the boarding passes using CSS and JavaScript within a web browser.

The tickets could be passed to the Apple Passbook using an application programming interface built to allow software developers to pass tickets and coupons to the app.

Passengers with phony passes in hand only run the risk that the aircraft they intend to board may be fully booked, the hacker said.

"Currently, if you get into a completely booked flight and you have no place to sit, it will obviously be detected," he said.

Copyright © iTnews.com.au . All rights reserved.

Hacker holds key to free flights
Image: Alexander Luu.
Top Stories
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
Image: Alexander Luu.
Sign up to receive iTnews email bulletins
Latest Comments
What is delaying adoption of public cloud in your organisation?

   |   View results
Lock-in concerns
Application integration concerns
Security and compliance concerns
Unreliable network infrastructure
Data sovereignty concerns
Lack of stakeholder support
Protecting on-premise IT jobs
Difficulty transitioning CapEx budget into OpEx