Hacker holds key to free flights

Powered by SC Magazine

Claims to generate boarding passes with Apple Passbook.

A security boffin claims to have developed a method to score free flights across Europe by generating fake boarding passes designed for Apple's Passbook app.

Anthony Hariton, an 18-year-old computer science undergrad from the University of Crete in Greece, gave a sneak peek into his upcoming presentation on the topic at the Hack in the Box conference on May 29 in Amsterdam.

Hariton (@DaKnObCS) revealed a bypass that he claims affects the ticket scanners used before passengers step onto the jetway to board a plane.

Anyone with knowledge of the bypass can board a plane from a European Union airport to a destination of their choice by creating a fake boarding pass within Apple's Passbook app, he said.

The feat, the efficacy of which cannot be verified directly by SC Magazine, has stumped Europe's aviation authority. The boarding gate scanners should reconcile a passenger's ticket with the airline's departure database to ensure only legitimate passengers board.

"Airports have scanners at the boarding gates (and many are implementing these prior to security checks) whereby the data scanned is matched against the airlines' departure control system to reconcile the passengers on board the flights against those booked on the flight," International Air Transport Association communications officer Albert Tjoeng said.

"In fact, following the introduction of bar coded boarding passes six years ago, airports have automated the reconciliation process of the boarding pass and the passenger list at the boarding gates."

And if that system were to black out, operators revert to manual checks. All of this means the boarding gate is the end of the road for fake tickets.

But Hariton dismissed the agency's response.

He said the model used in all EU airports to check the validity of tickets was "malfunctioning", noting they lacked "direct access to the airliner database", but wouldn't be drawn on whether he tested his research by boarding a flight.

Hariton said he developed a 'simple' technique to produce the boarding passes using CSS and JavaScript within a web browser.

The tickets could be passed to the Apple Passbook using an application programming interface built to allow software developers to pass tickets and coupons to the app.

Passengers with phony passes in hand only run the risk that the aircraft they intend to board may be fully booked, the hacker said.

"Currently, if you get into a completely booked flight and you have no place to sit, it will obviously be detected," he said.

Copyright © iTnews.com.au . All rights reserved.
