Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Hacker Holds Key To Free Flights

Soulskill posted about 6 months ago | from the TSA-bans-cell-phones-and-sitting-down-in-response dept.

Transportation 144

mask.of.sanity writes: "A security researcher says he has developed a method to score free flights across Europe by generating fake boarding passes designed for Apple's Passbook app. The 18-year-old computer science undergrad didn't reveal the 'bypass' which gets the holder of the fraudulent ticket past the last scanner and onto the jetway; he's saving that for his talk at Hack in the Box in Amsterdam next month."

cancel ×

144 comments

Sorry! There are no comments related to the filter you selected.

All I can say to that is... (0)

Anonymous Coward | about 6 months ago | (#46659919)

who?

Okay, but... (5, Insightful)

broginator (1955750) | about 6 months ago | (#46659923)

... how do you deal with the inevitable "Hey, you're in my seat" dilemma?

Re:Okay, but... (3, Interesting)

Overzeetop (214511) | about 6 months ago | (#46659961)

"Oh, I'm sorry - I must have grabbed the wrong row."
"Oh, I'm sorry - they said my seat assignment was provisional because I arrived so late, I'll find another one"

Board near the end of the boarding time and take a free center seat near the back -unless then plane is 100% full, you're golden.

Re:Okay, but... (4, Informative)

wonkey_monkey (2592601) | about 6 months ago | (#46660011)

Board near the end of the boarding time and take a free center seat near the back -unless then plane is 100% full, you're golden.

Except for the annoying habbit flight attendants have of counting the number of passengers.

Re:Okay, but... (1)

stewsters (1406737) | about 6 months ago | (#46660023)

Go sit in the bathroom until after they count?

Re:Okay, but... (2)

Plumpaquatsch (2701653) | about 6 months ago | (#46660109)

Go sit in the bathroom until after they count?

But don't close the door, else they count the occupied booth.

Re:Okay, but... (1)

bondsbw (888959) | about 6 months ago | (#46660205)

Don't they check bathrooms?

If they don't... maybe they should.

Re:Okay, but... (1)

Anonymous Coward | about 6 months ago | (#46660239)

They count the number of passengers who got on.

The number of passengers with tickets is usually higher. Even if it wasn't, they wouldn't deboard and fix it.

Re:Okay, but... (4, Informative)

wonkey_monkey (2592601) | about 6 months ago | (#46660525)

They count the number of passengers who got on.

The number of passengers with tickets is usually higher.

They don't compare the count to the number of tickets. They compare it to the number of people known to be getting on the flight, presumably these days from the number who've been scanned through security (in my airside days it was the number that had checked in at the desk, since this was before online check-in).

Re:Okay, but... (3, Interesting)

kyrsjo (2420192) | about 6 months ago | (#46660791)

They count the number of passengers who got on.

The number of passengers with tickets is usually higher.

They don't compare the count to the number of tickets. They compare it to the number of people known to be getting on the flight, presumably these days from the number who've been scanned through security (in my airside days it was the number that had checked in at the desk, since this was before online check-in).

.. Which this device claims to be able to get through (the jetway is after the last ticket check). So the numbers may actually match up...

Re:Okay, but... (1)

N1AK (864906) | about 6 months ago | (#46660347)

Not in my last 6 flights they haven't, at least not without trying to be incredibly covert about it which I seriously doubt. All these flights were within Europe or SE Asia, I don't know if head counts are more common in other regions.

Re:Okay, but... (0)

Anonymous Coward | about 6 months ago | (#46660369)

You're not observant enough. I've never been on a flight (anywhere in the US or europe) where they haven't done this. And yes, they're usually fairly covert about it.

Re:Okay, but... (2)

Deadstick (535032) | about 6 months ago | (#46660421)

...and it's not very hard to be covert when all you have to do is count the empty seats and subtract.

Re:Okay, but... (1)

Teun (17872) | about 6 months ago | (#46660823)

Ah, it must be the guy that carried his own seat...

Re:Okay, but... (4, Funny)

wonkey_monkey (2592601) | about 6 months ago | (#46660939)

Pfft, that's the stupid way. You count the number of legs and divide by two!

hairs on heads (0)

Anonymous Coward | about 6 months ago | (#46661765)

No.. your method doesn't account for zero, one, or three legged pax.

I propose: count hairs on heads, then estimate statistics for hairs/person, then develop a model for hair distribution, use that to estimate population based on number of hairs.

Re:Okay, but... (2)

kyrsjo (2420192) | about 6 months ago | (#46660805)

Usually they go down the aisle with a "clicker" - usually not very covert. The plane doesn't take off before the numbers match.

On a flight I was on, the numbers didn't match up, so they went through the cabin with a list of all passengers, asking each of us to tell them their last name (which they crossed off from their list), in order to figure out who wasn't inside the plane.

Re:Okay, but... (3, Interesting)

Zontar_Thing_From_Ve (949321) | about 6 months ago | (#46660509)

Not in my last 6 flights they haven't, at least not without trying to be incredibly covert about it which I seriously doubt. All these flights were within Europe or SE Asia, I don't know if head counts are more common in other regions.

Within the US they definitely count the passengers. I flew between Canada and Asia last year and I don't remember if they counted or not, but on flights within the USA they definitely do count. There was a rather embarrassing incident where a minor without a ticket of any kind got on a plane in the US and nobody ever did anything to make sure he was in the right place or even had a ticket for the flight. I think now all the airlines want to make sure that kind of thing never happens again, because if a kid can do it, an adult with bad intentions may be able to do ti too.

Re:Okay, but... (4, Funny)

yakatz (1176317) | about 6 months ago | (#46660583)

This sounds like part of the plot of Home Alone 2...

Re:Okay, but... (1)

wonkey_monkey (2592601) | about 6 months ago | (#46660539)

Didn't they check that everyone had their seatbelts on, their seats in an upright position, their belongings stowed in the overhead locker and had switched off all electronic devices?

Re:Okay, but... (1)

plopez (54068) | about 6 months ago | (#46660623)

Know the capacity of the aircraft. Count number of empty seats, a much easier task. Passengers=total seats-empty seats. It sounds like you would flunk a flight attendant interview....

Re:Okay, but... (1)

Obfuscant (592200) | about 6 months ago | (#46661603)

Count number of empty seats, a much easier task. Passengers=total seats-empty seats.

And you'd totally miss lap kids.

Re:Okay, but... (1)

BitZtream (692029) | about 6 months ago | (#46660745)

Its easy to be covert on nearly full flights, you just walk the plane and count empty seats, basic math gives you filled seats.

Re:Okay, but... (1)

Chelloveck (14643) | about 6 months ago | (#46660693)

Board near the end of the boarding time and take a free center seat near the back -unless then plane is 100% full, you're golden.

An empty seat? What's that? I don't fly a lot, but whenever I do they're bumping people because the flight's been so horribly overbooked.

Re:Okay, but... (1)

kyrsjo (2420192) | about 6 months ago | (#46660813)

Quite common if you're not picking the most popular flights. Tickets are usually cheaper as well.

Got my own 3-seater many times that way, rise the armrests it's a quick flight to dreamland :)

Age related trick (0)

Anonymous Coward | about 6 months ago | (#46660815)

This trick only works with 18 year olds. Only they are at the age when they can pretend to be younger and thus not have an ID and then say things like, "I was just waiting for my parents!" and "my phone must be broke!". LOL. That is the "trick". Its just all social engineering.

Re:Age related trick (1)

wonkey_monkey (2592601) | about 6 months ago | (#46660963)

Spoiler alert: they don't do the count until everyone's sitting down.

Re:Okay, but... (1)

dbIII (701233) | about 6 months ago | (#46661171)

And the even more annoying habit of flights being overbooked in the hope that someone will cancel.

Re:Okay, but... (1)

Wootery (1087023) | about 6 months ago | (#46661433)

Ah yes, the flight manifest [wikipedia.org] .

Re:Okay, but... (2, Funny)

Anonymous Coward | about 6 months ago | (#46660247)

"Oh, I'm sorry - I must have grabbed the wrong row."
"Sir, let me confirm your name with the flight manifest."
"Oh, I...um..."
(radios for security, man goes to prison under terrorism charges)

Re:Okay, but... (1)

Firethorn (177587) | about 6 months ago | (#46661829)

Terrorism, theft of services, impersonation of a law enforcement officer, impersonation of a federal official, I figure they can find a few more.

Re:Okay, but... (4, Funny)

RenderSeven (938535) | about 6 months ago | (#46660735)

Just whisper to them "Im the Sky Marshal watching that passenger over there. For everyone's safety find another seat and tell NO ONE." For bonus points, tap your non-existent shoulder holster under your sport coat.

Re:Okay, but... (1)

kyrsjo (2420192) | about 6 months ago | (#46660817)

Do sky marshals actually carry guns onto planes, loaded, in the passenger compartment?

Re:Okay, but... (1)

RenderSeven (938535) | about 6 months ago | (#46661153)

Yep. Or at least the ones I know do.

Re:Okay, but... (1)

jb11 (2683015) | about 6 months ago | (#46661179)

Do sky marshals actually carry guns onto planes, loaded, in the passenger compartment?

Yes, but they are highly trained to work in close quarters.

Re:Okay, but... (1)

CKW (409971) | about 6 months ago | (#46661205)

And then she goes to tell the real sky marshal that there is someone back there claiming to be in posession of a gun, and suddenly you're looking down the barrel of a real gun. Don't make any sudden moves!

(All flight staff are introduced to the marshal in person prior to the flight.)

Re:Okay, but... (1)

Anonymous Coward | about 6 months ago | (#46659979)

That wouldn't be an issue on an airline like Southwest.

Re:Okay, but... (-1)

Anonymous Coward | about 6 months ago | (#46660043)

Wow! When did Southwest get ETOPS approval to fly over the Atlantic Ocean???

Re:Okay, but... (1)

ColdWetDog (752185) | about 6 months ago | (#46660801)

Wow! When did Southwest get ETOPS approval to fly over the Atlantic Ocean???

They didn't. They just get lost [cbsnews.com] occasionally.

Re:Okay, but... (1)

Kookus (653170) | about 6 months ago | (#46660131)

get on the plane last...

Re:Okay, but... (1)

JoeMerchant (803320) | about 6 months ago | (#46660231)

Fly Southwest.

Re:Okay, but... (1)

pjt33 (739471) | about 6 months ago | (#46660679)

I don't think you're familiar with European budget airlines. You can choose your seat when booking if you're willing to pay extra. Maybe a dozen people per flight have reserved seats, and the rest work on the basis of first come, first served.

Re:Okay, but... (1)

kyrsjo (2420192) | about 6 months ago | (#46660829)

Usually you get a seat assigned when you check in. You can often ask for a specific seat (for no extra charge) then also - but of course you won't get first pick.

Re:Okay, but... (1)

Plumpaquatsch (2701653) | about 6 months ago | (#46660899)

I don't think you're familiar with European budget airlines. You can choose your seat when booking if you're willing to pay extra. Maybe a dozen people per flight have reserved seats, and the rest work on the basis of first come, first served.

Sure, but they will always check if there's an extra passenger on board, because else they may run out of fuel.

Re:Okay, but... (0)

Anonymous Coward | about 6 months ago | (#46661489)

This is actually starting to make sense now. This is nearly identical to how AMTRAK operates in the US. Except that AMTRAK scans the tickets while onboard.

What I think is happening is that the person in the OP intercepted the passbook request to the booking page to return something that looks like the booking page, but is really just the "confirm your purchase" data turned into the booking confirmation page. That way it gets the right data to use.

This is identical to how Amtrak works as well. When you book a ticket on amtrak and get a e-ticket you are sent a barcode. The barcode is XNNXXX-DDMMMYY which is the reservation number. So if you tamper with the code generated so it shows a valid reservation number, tada, nothing else is checked. It's made worse by Amtrak doesn't check ID unless you're crossing the border to/from Canada.

Re:Okay, but... (1)

ClosedEyesSeeing (1278938) | about 6 months ago | (#46661007)

Well, since this still happens with legitimately purchased tickets... I would assume the standard chaos would still ensue.

Or just be sure to pick really off hours flights to lower the chances.

Re:Okay, but... (1)

zoefff (61970) | about 6 months ago | (#46661101)

Fly cheap airlines, they don't do seat reservation

Um... (1)

Anonymous Coward | about 6 months ago | (#46659937)

Got to pick your flight carefully if you don't want to end up sitting on someone's lap (or vice versa).

Just don't fly out of Europe (4, Insightful)

bunyip (17018) | about 6 months ago | (#46659985)

You might get lucky and get an empty seat. Hint - pick a center seat in the last few rows, these seats suck. However, if you fly into the US or many other countries, they will have received a passenger manifest electronically from the airline. You'll have fun when you get to customs and there's no record of you...

Re:Just don't fly out of Europe (0)

Anonymous Coward | about 6 months ago | (#46660399)

The last rows are the absolute best in the whole plane because everyone thinks they're terrible.

Re:Just don't fly out of Europe (1)

Em Adespoton (792954) | about 6 months ago | (#46661853)

The last rows are the absolute best in the whole plane because everyone thinks they're terrible.

Shh! Everyone knows that they're both the most unsafe seats, and the worst overall, being so near the toilets... right?

Re:Just don't fly out of Europe (1)

Em Adespoton (792954) | about 6 months ago | (#46661841)

You might get lucky and get an empty seat. Hint - pick a center seat in the last few rows, these seats suck. However, if you fly into the US or many other countries, they will have received a passenger manifest electronically from the airline. You'll have fun when you get to customs and there's no record of you...

Why would there be no record of you? The airline has you recorded as checking in to that flight. The only part that's being skipped here is the billing part. Once you check in, you're in the airline's system. Of course, you might be checked in using someone else's check-in code, which could be a bit dicey come customs.

Last time I was on an aeroplane (0)

Anonymous Coward | about 6 months ago | (#46660013)

the ticket was a punch card.

Oh Crap (0)

Virtucon (127420) | about 6 months ago | (#46660045)

Another possible attack vector for terrorists. Unwittingly this guy is now going to make it a living nightmare for people flying around Europe for exposing this security flaw. Prepare for the requisite knee-jerk response from the EU and the US.

Re:Oh Crap (1)

ChunderDownunder (709234) | about 6 months ago | (#46660353)

I'd be more concerned about lax security allowing travel using stolen passports.

e.g. the two Iranian passengers on the missing Malaysian aircraft, travelling on euro passports stolen a year earlier.

Re:Oh Crap (1)

Em Adespoton (792954) | about 6 months ago | (#46661883)

Another possible attack vector for terrorists. Unwittingly this guy is now going to make it a living nightmare for people flying around Europe for exposing this security flaw. Prepare for the requisite knee-jerk response from the EU and the US.

What, for EXPOSING this flaw to the general public, instead of keeping it a secret that only miscreants, terrorists, and airline authorities know about?

You're right. It pulls up the curtain before the security theatre is ready.

show up early, print dupe boarding pass as kiosk (1)

Anonymous Coward | about 6 months ago | (#46660069)

You need to do this in two steps

1) Knowing the name of someone on the flight, get a copy of their boarding pass at one of the omnipresent selfcheckin kiosks in the terminal. This might be a bit tricky, perhaps shoulder surfing or social engineering? Even trash can rummaging (since people often get a new boarding pass when they check bags, etc.).
That gets you the seat assignment on the plane, and past the scanner.

2) Bogus boarding pass that matches your ID so you can get past the security checkpoint (the last time they check id for domestic flights). You could print this anywhere, and for all I know, your name is encoded in the funky barcodes. Or a legit boarding pass for another flight you've booked yourself on, perhaps on standby? (since they don't charge your credit card til you board)

3) A boarding pass with the seat number you have chosen (to be non conflicting with the the seat of the known passenger in #1) would probably be most effective at convincing the flight attendants that you are legit. If you're doing the late boarding, pick an empty middle seat approach, I'll bet "there's an App for that" that can produce a legitimate looking pass.

4) Bear in mind that if they get suspicious, there is a printed passenger manifest at the gate and they can fairly quickly walk down the aisle checking everyone. That's going to be hard to beat.

There's several social engineering steps that will be needed (as with any good con).

CSS? Does my seat come with extra padding? (4, Funny)

Anonymous Coward | about 6 months ago | (#46660081)

Whoa, talk about floating yourself relative to your original position! If the flight is full can I just sit aligned in the center?

Re:CSS? Does my seat come with extra padding? (1)

wonkey_monkey (2592601) | about 6 months ago | (#46661013)

Mod parent up. Go on, you know you want to.

Welcome to the No-Fly List (1)

Anonymous Coward | about 6 months ago | (#46660111)

When journalist Drew Griffin investigated flaws with the TSA in the US, he ended up on the no-fly list.
Another got raided by the feds: http://yro-beta.slashdot.org/story/13/10/25/1939214/feds-confiscate-investigative-reporters-confidential-files-during-raid

Guess what's going to happen to this guy ...

Re:Welcome to the No-Fly List (1)

Virtucon (127420) | about 6 months ago | (#46660153)

First rule of Fight Club is..

You do not talk about FIGHT CLUB.

Second rule is..

You do not talk about FIGHT CLUB.

Re:Welcome to the No-Fly List (2, Funny)

Anonymous Coward | about 6 months ago | (#46660223)

First rule of Flight Club is..

You do not talk about FLIGHT CLUB.

Second rule is..

You do not talk about FLIGHT CLUB.

Re:Welcome to the No-Fly List (1)

mbone (558574) | about 6 months ago | (#46660393)

Wrong.

The first rule of FLIGHT CLUB is...

You do not talk about how you got your tickets

Re:Welcome to the No-Fly List (1)

Anonymous Coward | about 6 months ago | (#46660511)

Second Rule of Flight Club is

You Don't Need Tickets

Re:Welcome to the No-Fly List (1)

Anonymous Coward | about 6 months ago | (#46660851)

Third Rule of Flight Club is
 
Where We're Going, We Don't Need Tickets

Re:Welcome to the No-Fly List (1)

Obfuscant (592200) | about 6 months ago | (#46661649)

Where We're Going, We Don't Need Tickets

You need a ticket, but only a one-way.

Re:Welcome to the No-Fly List (1)

mbone (558574) | about 6 months ago | (#46661743)

The Third Rule that you do not talk about the Second Rule.

Re:Welcome to the No-Fly List (1)

houstonbofh (602064) | about 6 months ago | (#46660211)

Seeing as how this was a hack only applicable in Europe, and he is giving the talk in Amsterdam, I doubt he cares about the US "No Fly List." However, rendition is still a possibility...

Re:Welcome to the No-Fly List (1)

Njovich (553857) | about 6 months ago | (#46660579)

To be fair, this is more of an airline issue than a TSA issue. As long as he has proper ID, passes security, and doesn't pose a threat, the TSA likely won't care one way or another. They never cared about fake tickets that could get you through security before in any case.

Of course, being able to get on a flight with this is new, so maybe they will suddenly start caring.

Re:Welcome to the No-Fly List (1)

Rich0 (548339) | about 6 months ago | (#46660669)

Uh, the TSA very much wants to know the identity of anybody boarding a plane. Any airline that allows somebody on a plane who wasn't on the manifest will get in really hot water, as will any passenger attempting something like this.

In the US a background check was run on you before you even arrive at the airport.

Or not... (1)

Plumpaquatsch (2701653) | about 6 months ago | (#46660157)

He said the model used in all EU airports to check the validity of tickets was "malfunctioning" noting they lacked "direct access to the airliner database", but wouldn't be drawn on whether he tested his research by boarding a flight.

Re:Or not... (1)

pla (258480) | about 6 months ago | (#46661213)

So you mean, he didn't admit to a variety of felonies in public?

Shocking.

Free? I think not (1)

sjbe (173966) | about 6 months ago | (#46660175)

Hacker Holds Key To Free Flights

Until you count the risk-weighted cost of getting arrested for fraud.

Congrats! (0)

Anonymous Coward | about 6 months ago | (#46660181)

Guess who just made it onto a whole bunch of lists!

I forsee many small rooms in this guys future. Filled with unhappy people with guns and badges wanting to talk to him.

Checkin will not allow double seating (1)

Anonymous Coward | about 6 months ago | (#46660197)

Lately, when I checkin for a flight, the software in the ticket scanner checks to see if the seat has already been scanned. If it has, it'll beep, if not then it marks it as now allocated.

Now if there are places in Europe that don't have that sort of checkin system then I can see it being vulnerable...

Re:Checkin will not allow double seating (4, Informative)

Nidi62 (1525137) | about 6 months ago | (#46660609)

Lately, when I checkin for a flight, the software in the ticket scanner checks to see if the seat has already been scanned. If it has, it'll beep, if not then it marks it as now allocated.

The gate agents also have access to electronic versions of the passenger manifest, and newer systems even display the names of passengers that are not yet checked in/on board/awaiting seat assignment next to a seatmap of the aircraft so they can be literally dragged and dropped to assign seats. If the boarding pass fails to scan, the first thing the gate agent will notice, either by looking at the list or manually typing in the passengers name, is that no one with that name is booked on the flight, either as a paying passenger or on standby. The name would have to match up with a person assigned to the flight, otherwise they will not let you on.

Picking a seat is easy (2)

ugen (93902) | about 6 months ago | (#46660235)

Seat maps are now available online realtime for most major airlines. So there is no need to guess - you can pick a right flight and an empty seat, do it right before the departure and it will likely remain empty.

On the other hand, my impression of gate check was that it checks boarding pass against database record of name/reservation/seat assignment. Certainly any other information maintained by gate agents is in the same remote database (such that any changes they perform at the gate become instantly visible online, for example standby and upgrade list status). So, no matter what the "local hack" is, it would only work if either:
- He can also hack remote passenger database (unlikely)
- Specific airline does not check passengers against the database and trusts properly constructed boarding pass (also unlikely, at least in US, as there needs to be positive match between passenger and loaded luggage that has to be performed based on that darn remote record).

There is also pesky passenger manifest with names, which again comes not from your boarding pass but from the remote system (though they need to reconcile with with reality).

Let's wait and see. Perhaps some of these conditions don't hold in Europe for whatever reason?

Re:Picking a seat is easy (2)

kuiken (115647) | about 6 months ago | (#46660915)

On the budget airlines there are no seat assignments, you can pay extra to get in the first queue. Once the gate opens its a dash for the 'best' seats

Re:Picking a seat is easy (1)

TheCarp (96830) | about 6 months ago | (#46661035)

> Let's wait and see. Perhaps some of these conditions don't hold in Europe for whatever reason?

You mean like it is all a bunch of unnecessary hoopla that costs way more than its worth for the nearly non-existent problems it solves?

18 year old "researcher"??? (0)

Anonymous Coward | about 6 months ago | (#46660257)

So exactly how many years of experience does this gent have as a, um, "researcher"? 18 year old comp sci "undergrad"? I.e.-- freshman? Ah, the innocence of the naive inexperienced youth!

This should be fixed, (-1, Flamebait)

Chrisq (894406) | about 6 months ago | (#46660349)

Just imagine if a Muslim got hold of this info

Re:This should be fixed, (1)

3.5 stripes (578410) | about 6 months ago | (#46661147)

Yeah, wouldn't want a muslim flying for free.

There is a downside (1)

mbone (558574) | about 6 months ago | (#46660381)

This might work fine, but if it didn't work you would probably get arrested, get put on a blacklist and, if it was really your day, get close attention from the likes of the French DGI. There is nothing like a week of interrogation to spice up your vacation.

But what did he end up flying on? Not that easy. (1)

Shag (3737) | about 6 months ago | (#46660449)

Most airlines have assigned seats. Most airlines have computers that know who's supposed to be in each seat and also know who's bought tickets. So on most airlines, that fake boarding pass is going to be pretty tricky. And using passbook is just a more hip way of the old "print a fake boarding pass" trick.

You could make a "no seat assignment" boarding pass, which often happens when a flight is booked full except for rows that are blocked (exits, front row of economy blocked for the handicapped, etc). Then you go to the gate, ask the gate agent for a seat assignment, all perfectly normal... except that you're not going to be in the computer, so at the very least, there's an element of social engineering.

You could make a "no seat assignment" boarding pass for an earlier/later flight, and if the computer at the gate were so dumb it didn't know about any flight but the current one, you might be able to "stand by."

Making a "no seat assignment" boarding pass for a different airline entirely ... well, they'd probably want to know why you had been sent over to them. And they'd probably want someone at the other airline to sign off on it. Odds might be a tiny bit better if the airline you chose was a partner, but not in a joint venture involving shared access to customer records. If Delta and Alaska both have flights between a pair of cities, make a fake boarding pass for the one that leaves first, show up at the other one after it's left, claiming you missed your flight and asking to stand by.

Of course there's also the non-rev standby category, but for that you need to fake an airline ID and uniform... and that's a lot more risky.

So I'm guessing this guy may be flying an airline that lacks assigned seats, and maybe isn't all that great at IT in general... which means congrats, you're getting flights on either Ryanair or something even worse, for £0 instead of £1 they usually charge. ;)

I don't know when I'll have the opportunity, but next time I'm heading through a certain airport where I have lounge access and am friends with the lounge staff, I'll see if I can make a few "modified" boarding passes and see what happens when they scan them, just for amusement. Like if I'm in economy on a domestic flight to Los Angeles, make one that says I'm in business class on the upper deck of a 747 to Tokyo, and see what they say when it doesn't show up in the computer.

Re:But what did he end up flying on? Not that easy (1)

Nidi62 (1525137) | about 6 months ago | (#46660557)

Of course there's also the non-rev standby category, but for that you need to fake an airline ID and uniform... and that's a lot more risky.

Non-rev standby doesn't work like that. You are thinking more of jump-seating for pilots and flight attendants, who must be in uniform and can just show up at a gate and get listed. Non-revs wear regular clothes and do not need to show ID at the gate, but when they check-in at the airport they need to have already made a reservation through their online company portal, or need to produce an airline ID to the ticket agent if they are booking the flight day of. But trying to fake either of those, especially jump-seating, is a good way to earn yourself a nice little vacation in federal prison.

Re:But what did he end up flying on? Not that easy (0)

Anonymous Coward | about 6 months ago | (#46660921)

Like if I'm in economy on a domestic flight to Los Angeles, make one that says I'm in business class on the upper deck of a 747 to Tokyo, and see what they say when it doesn't show up in the computer.

We'll make sure to write to you in Gitmo.

Iron Man challenge (2, Funny)

Kamamura (235695) | about 6 months ago | (#46660649)

For hackers with balls, try that on Air Force One.

"Hey, Mr. President, this is my seat!"

what the hell? (1)

slashmydots (2189826) | about 6 months ago | (#46660751)

Who the hell would accept a digital image of a boarding pass? I could make a fake one so easily and just imitate the app. Or I could snap a shot of someone else's pass and then swap out the info. What airport in the world would possibly accept something so unbelievably unreliable?

Re:what the hell? (1)

Teun (17872) | about 6 months ago | (#46661027)

Uhhh, all airlines I fly with and at virtually all airports accept a digital boarding pass.

You need to check in on-line, less than 24 hrs. before the flight and in return you get a mail with a QR code.
At the airport you just show your phone displaying the code, both at immigration, at security and at boarding.

Also realise there is no Immigration between the EU Schengen countries.

Re:what the hell? (1)

wonkey_monkey (2592601) | about 6 months ago | (#46661061)

Who the hell would accept a digital image of a boarding pass?

Err, everyone, on every flight I've taken in the last few years (which admittedly isn't many). A QR code in an email sent to my phone is my boarding pass. A scanner reads it, presumably displays my details to the security guy, and he checks my ID.

I could make a fake one so easily and just imitate the app.

Off you go then.

It's not like someone scrawled "Boerd!ng Pars" on the back of an envelope with a crayon.

Re:what the hell? (1)

MrMickS (568778) | about 6 months ago | (#46661173)

I've not taken a flight in the last couple of years, between a number of European countries, that I've not used a QR code on my phone as the boarding pass. Given that its a QR code even if you take a snapshot of someone else's how are you going know what details to swap out? The other information there is for the user only, its not used by the scanner.

Better watch out for himself (1)

EmagGeek (574360) | about 6 months ago | (#46660763)

"he's saving that for his talk at Hack in the Box in Amsterdam next month"

He'll be in a CIA torture chamber before then if he's not careful.

Re:Better watch out for himself (1)

PPH (736903) | about 6 months ago | (#46661019)

At least he'll be taking the train there.

Domestic flights, maybe (0)

Anonymous Coward | about 6 months ago | (#46660861)

This kind of shit won't fly (pun intended) internationally, where every passenger list is carefully checked. At the very least, you'd be stopped at the destination airport; they'd probably notice a seat that's supposed to be empty too.

Also, to everyone worried about terrorism: You still need to go through security. The only difference this makes is whether you have to pay for a ticket to get on the flight. That is not commonly an impediment to terrorists.

Bullshit (4, Informative)

aepervius (535155) | about 6 months ago | (#46661039)

All the CKI system i know of, count the pax boarded against the pax list in the CKI system. If they find a discrepancy, they check the one in addition and ask to check the ticket. Good luck making your explaining.

The bottom line was that the secure (relatively) thing is not the boarding pass but the ticket. Now if you could free ticket i would be downright impressed. Free boarding pass have long been known to be insecure. They are not there to be secure but to count boarded pax on the system against real boarded on plane, to be able to remove the one which are No-Show and remove their baggage.

And confirmation of BS : (3, Insightful)

aepervius (535155) | about 6 months ago | (#46661107)

"He said the model used in all EU airports to check the validity of tickets was "malfunctioning" noting they lacked "direct access to the airliner database", but wouldn't be drawn on whether he tested his research by boarding a flight."

To that I have to say only "yeah , right" as in very sarcastic. Some airline in europe have spearheaded the interline and ground handling electronic exchange between TKT and CKI systems (using edifact messages TKCREQ, TKCUAC, TKCRES) since.... 2001. Even the medium airline are using the itnerline access. only very very small airline are still using offline process like ETL list.

That "security" researcher never checked in real life its results.

Permanent DNF (1, Insightful)

wiredlogic (135348) | about 6 months ago | (#46661199)

This kid is asking to be put on a permanent Do Not Fly list. Emperors don't like peons who point out their absence of clothes.

Free flight ... to prison (1)

davidwr (791652) | about 6 months ago | (#46661637)

Getting on the plane is only part of the "game."

Unless you plan on doing something bad on the plane that will get you arrested or killed anyways, you also have to never be caught, even after the fact. Or at least delay your capture until all relevant criminal and civil statutes of limitations have run out.

Given that there are cameras everywhere these days, "Good luck with that."

Even then you have to worry about countries retroactively extending the statutes of limitations if their Constitutions/Basic Laws/whatever allow for it (In the last 10-20 years, California [USA] retroactively re-instated the right to sue for damages for certain decades-old torts).

To those who say "it's the bad guys who plan on hurting themselves or others once onboard" I say "You are right, that is an issue that needs to be addressed, but that's outside the scope of my comment, please start another thread."

Kind of already been done (0)

Anonymous Coward | about 6 months ago | (#46661871)

There's somebody in the US already doing this with Delta boarding passes - https://www.netspi.com/blog/entryid/208/sky-prioritize-yourself

18 year old? (1)

Anonymous Coward | about 6 months ago | (#46662087)

legally adult? welcome to jail.

of course, when the talk happens, it will have all been blown out of proportion and it turns out he just found some checksum hack that gets him into the security area, not onto the actual plane in any meaningful way.

note how the article says he can *board* a plane. that's the key to this article. it doesnt say he has any chance of successful travel.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?