Hacker Makes Counterfeit Boarding Passes that Allows Him Use Airline Lounges

Chief of Polish section of Computer Emergency Readiness Team program at the international level, Przemek Jaroszewski was getting ready for demonstrating an apparently ordinary, however, scary hack at the Las Vegas Defcon conference during the present week. The hack would involve an Android application which produces counterfeit boarding passes.

Actually Jaroszewski was prohibited from enjoying the elite status of using the posh lounges of different airports. That prompted him to create his own application for solving the problem. The application helped develop one QR code that could subsequently be scanned while proceeding to enter an airport lounge's gate of his choice.

The most important aspect about the hack is that in spite of all the details, which Jaroszewski inputs to make the boarding passes, are a fake, he could use the lounge only because there is neither any manual nor mechanical arrangement for doubly checking if he is really eligible for taking the flight whose details are inside the QR program. Based on the prohibition, Jaroszewski isn't allowed to utilize that same QR code for getting the permit to board a flight alternatively satisfy security check. For that he'll really have to breach the airline for getting his name on the passenger list, something that would raise alarm bells. However, it isn't so simple for fooling any gate into allowing someone to enter it using a fake QR program produced with no matter how simple an app. Uproxx.com posted this, August 8, 2016.

Hacker Jaroszewski told Wired that within just 10 seconds one could make counterfeit boarding passes one at a time with his application. The International Air Travel Association states that airlines are supposed to only be concerned about their lounges' security, so even if anyone hacked, he must have one legitimate ticket for entering any airport or then taking a flight. That's because passengers could undergo physical inspection before entering a gate, whilst the lounges of the airlines which hacker Jaroszewski aimed at usually had automated entrances.

It is terrible realizing that airlines' security continues to be weak. Meanwhile, within USA, using TSA screening rules for backstopping digital arrangements appears profoundly optimistic.

» SPAMfighter News - 8/11/2016