Airline Boarding Passes Can Be Hacked to Avoid Security Checks

aviation outlook


The Transportation Security Administration's (TSA) new pre-screening system “pre-check,” may have a security flaw which allows passengers to know in advance whether they will be subject to the standard security check at the airport.

Travellers who opt in to the system — usually already frequent fliers — are vetted by the TSA, and then are randomly chosen to undergo less intensive security screening at the airport. They don’t have to remove their shoes, laptops, or liquid items. TSA receives the passenger information from the airlines themselves, but the security agency makes the final determination on each passenger, and then encodes his or her security status in the barcode printed on the boarding pass.

According to the TSA website, the passenger is not allowed to know beforehand the result of the pre-check and whether he will go through the express and simplified check or not.

However, according to Butler, the boarding pass barcode is not encrypted, and can be read by anyone with a scanner or appropriate smartphone app. What’s more, a passenger could even modify that information and reprint the boarding pass, fooling the whole system.

When asked, the TSA refused to comment about this vulnerability or whether they consulted a cryptography or security expert when they devised the system. Instead, they sent the following statement:

“TSA stays ahead of those with intentions to manipulate boarding passes by layering its protective measures in ways that are both seen and unseen.”

The organization refused to elaborate on what those measures are.

For security experts, the system is a disaster. “Letting passengers determine their Precheck/regular screening status at home, before they get to the checkpoint is a total security failure,” tweeted Chris Soghoian, a famous security researcher who in 2006 created a website that generated fake boarding passes to denounce the poor security of the passes and how easy it was to evade the no fly-list.