
Hacker Uses Fake Boarding Pass App To Get Into Fancy Airline Lounges (helpnetsecurity.com) 55

An anonymous reader quotes a report from Help Net Security: Przemek Jaroszewski, the head of Poland's Computer Emergency Response Team (CERT), says anyone can bypass the security of the automated entrances of airlines' airport lounges by using a specially crafted mobile app that spoofs boarding pass QR codes. He created one for himself, and successfully tried it out on a number of European airports. Usually, to enter these lounges, travelers need to let the scanner at the entrance scan the QR code on their boarding pass, and the doors open automatically. Jaroszewski created an Android app that creates fake but acceptable QR codes. He says that aside from a valid flight number, the QR code doesn't have to include correct information (traveller's name, flight destination, etc.). According to WIRED, the U.S. Transportation Security Administration (TSA) and the International Air Transport Association (IATA) don't consider this particular issue a problem that needs fixing. They said "any such boarding pass security flaw would be the airlines' issue." Here is an unlisted video of the hack in action.

  • Ever since they let anyone with a "gold" credit card get into airport lounges there's not much difference between that and the regular waiting area. Now they need to make a real first class lounge for people who actually have first class tickets.
    • Not sure which part of the world you are from that doesn't already have this, but in most areas there are separate lounges for regular lounge guests and business and in many a 3rd separate one for First Class.
      • by AK Marc ( 707885 )
        I've been in the "1st class" lounges in the US and Australia, and they lump in all the eligible people into a single lounge.

        There are some concierge services that require showing higher permissions, but those are few, and inconsistent.
        • by quenda ( 644621 )

          I've been in the "1st class" lounges in the US and Australia,

          Not sure where you are, but out West, the lounge that was once full of business travellers in suits is now full of FIFOs (fly-in, fly-out mine workers), many in safety-boots and hi-vis clothing. Times have changed.

          • by AK Marc ( 707885 )
            I've not flown out to WA. Only to the major cities on the other side. QLD, VIC, NSW. Frequent flier qualifiers fill the lounge. The days of the lounges holding only 1st class ticket holders are long since over. Or I'd never see the inside of them.
        • by mjwx ( 966435 )

          I've been in the "1st class" lounges in the US and Australia, and they lump in all the eligible people into a single lounge. There are some concierge services that require showing higher permissions, but those are few, and inconsistent.

          That's US and Australian airlines. People who travel on those airlines are so classless they could be a communist utopia.

          Try flying someone like Singapore, they separate their business and first class lounges and their business class lounges are better than any others I've seen, especially in Changi.

          Then again, there isn't a credit card I know of that will get you entry (unless it's paying a fee) so you need to have a business class ticket or be a Krisflyer member with status... which you only get wi

        • Before a 1st class flight to Korea from the US (I think from Chicago) I found myself being directed to a first class lounge as I started in the direction of the lounge. It wasn't like they said "The first class lounge is over here if you care to use it", it was more a case of being told "No, don't even think of going to the usual lounge. Get in this elevator right now".

          It was not different to the usual lounge, except for being smaller and less worn down by masses of people. But they were very insistent that

    • by PPH ( 736903 ) on Monday August 08, 2016 @08:39PM (#52668481)

      Because nobody [nypost.com] could figure out a way to scam freebies off airlines first class programs.

      • I really DO have to agree. None of them are really "fancy".

        • by GNious ( 953874 )

          As a frequent flyer, I don't need them to be fancy, just to be quieter than the main areas, to have some snacks, a shower, a clean toilet, comfortable chairs ...

    • by cliffjumper222 ( 229876 ) on Monday August 08, 2016 @10:33PM (#52668771)

      Yup. I'm lucky that my employer pays for biz class for intl flights over 9 hours, so I see a few of them. IMO, the red carpet club is the worst, usually packed with sweaty folks trying to shovel as many of the trail mix snacks and coffee they can into their gobs. The "bar" is useless and sternly managed by a crone in a vest. Don't forget the obligatory USD 1 tip or she'll get grumpy. Tokyo and SFO are the worst. If you're smart, you'll find another airline's Gold lounge where they let you pour your own and eat real food. ANA is okay and has the magic beer pouring machine, EVA is good and generous with the booze. The best are the first-class lounges though, which I've only been in rarely as a guest of a super-miler. EVA's in Taipei was really good. The best overall lounge so far was Virgin's biz lounge in Hong Kong. I ate everything they had on the menu and their martinis were great.

      • I heard good things about Virgin. A while ago I made regular trips from Amsterdam to Tokyo on KLM, with a few co-workers flying in from London on Virgin. After their description of the lounge and the in-flight service I was sorely tempted to grab a flight to London on my own dime and hop on that Virgin flight instead of sticking with KLM, just to experience a service where people actually make an effort (KLM isn't terrible, but it feels like they always do as little as they can get away with).
        • I heard good things about Virgin. A while ago I made regular trips from Amsterdam to Tokyo on KLM, with a few co-workers flying in from London on Virgin. After their description of the lounge and the in-flight service I was sorely tempted to grab a flight to London on my own dime and hop on that Virgin flight instead of sticking with KLM, just to experience a service where people actually make an effort (KLM isn't terrible, but it feels like they always do as little as they can get away with).

          The fanciest service I've ever had from an airline was by KLM. It was in business class where they served breakfast on fine china for a 50 minute flight. Of course, that was a decade ago so perhaps they aren't nearly as fancy any more? I fly first on United and Delta from time to time and it has never ever been as amazing as that one flight by KLM. The lounges are great for long flights but I don't ever bother on domestic travel. Oh how times have changed.

          • I heard good things about Virgin. A while ago I made regular trips from Amsterdam to Tokyo on KLM, with a few co-workers flying in from London on Virgin. After their description of the lounge and the in-flight service I was sorely tempted to grab a flight to London on my own dime and hop on that Virgin flight instead of sticking with KLM, just to experience a service where people actually make an effort (KLM isn't terrible, but it feels like they always do as little as they can get away with).

            The fanciest service I've ever had from an airline was by KLM. It was in business class where they served breakfast on fine china for a 50 minute flight. Of course, that was a decade ago so perhaps they aren't nearly as fancy any more? I fly first on United and Delta from time to time and it has never ever been as amazing as that one flight by KLM. The lounges are great for long flights but I don't ever bother on domestic travel. Oh how times have changed.

            Rather more recently (last December) I took business class to Guangzhou, China on China Southern airlines. It was the best international business class I've been in, and I've been in a few. In contrast, I came back on business class with Canadian airlines and it was the worst international business class I've been in.

        • by Cederic ( 9623 )

          Virgin's 'upper class' lounge in LAX do a nice burger and don't charge you for vodka.

          It's just not worth the extra $1500 on the flight.

        • by TheSync ( 5291 )

          The Virgin "Upper Class" section across the Atlantic has a bar you can sit at. Pretty cool.

          But flying on these little airlines freaks me out because a bad weather delay can really mess you up if there are just a few flights per day.

      • by AmiMoJo ( 196126 )

        EVA's in Taipei was really good.

        They made you sit OUTSIDE the fuselage? What was economy class like?!?

  • by Anonymous Coward
    Jaroszewski is playing a dangerous game and at no less than airports! Fraud is dishonesty calculated for advantage. Authorities are never sympathetic of people showing up their shortcomings. Jaroszewski may find they throw the book at him. It took the Intel "hacker" 12 years to clear his name and he was one of the "lucky" ones. http://www.computing.co.uk/ctg... [computing.co.uk]
    • Oh, yes. I'm sure the head of Poland's Computer Emergency Response Team would be worried about having the authorities throw the book at him. Especially when the authorities say that this is not something that they care about and it is up to the airlines to worry about it.

      Surely if anyone says that they were "just testing the security" then it would be him.

      • Re: (Score:2, Insightful)

        by lucm ( 889690 )

        I don't know what is the purpose of the Poland Computer Emergency Response Team. Protecting the local companies who offer cheap IT labor against the Indian hackers who work for the competition?

        • by Skorpion ( 88485 )

          They're fighting Russian hackers and Russian, American and Israeli spies (APT-s). Read their reports.

          • by lucm ( 889690 )

            They're fighting Russian hackers and Russian, American and Israeli spies (APT-s). Read their reports.

            Yeah I'm sure there's a small army of NSA spies hidden in a room somewhere trying to "hack" Poland and steal all that valuable data. They probably sit next to the black ops team that's planning a coup in Cape Verde.

            • Comment removed based on user account deletion
              • Polish Government Official #1: Shall we give President Bush everything he wants, y'all?
                Polish Government Official #2: Howdy. A Big Yesiree!
                Polish Government Official #3: Like totally, man...
                (Awkward Silence)
                Polish Government Official #1: Are there any real Pollacks here or are we all plants?
          • Comment removed based on user account deletion
      • by Anonymous Coward
        Many CERTs are not part of the government. The Polish one is an academic institute whose charter allows security research but *not* for mounting attacks or committing fraud "in the name of research", and *nothing* about investigating airport security. He also went public with his findings which they never like. Depends on his relationship with the authorities, but Poland has a right wing government which has been cracking down on free speech. To cover his ass he should have got permission first.
  • by Anonymous Coward

    What's the significance of an "unlisted video?" It's linked right there and from dozens of other websites. That's like saying I have an unlisted phone number and putting it up on a billboard.

    • by AK Marc ( 707885 )
      He posted it as "unlisted" in an attempt to reduce legal liability. It won't help, if he gets in legal trouble, but it makes him feel better.
  • Otherwise the only security flaw is paying for overpriced food and drinks
  • Quick HowTo (Score:5, Informative)

    by rworne ( 538610 ) on Monday August 08, 2016 @09:35PM (#52668617) Homepage

    Nothing that's a big secret about this.

    Download the IATA Resolution 792, you'll see in section 2.5 the data structure of the bar code for a boarding pass. Then generate the necessary barcode from the resulting ASCII string.

    You'll probably need to check the Internet archive, because these resolutions were freely downloadable until a couple of years ago and then they were put behind a paywall... Free to $1500-$4500? Really?

    You can use this to generate airline boarding passes too, but all the mobile passes I have seen have a digital signature appended to the end of it. The paper ones they hand out at the airport lack a digital signature.

    Oh, and United Clubs actually look up your flight info, FYI.

    • Comment removed based on user account deletion
      • by rworne ( 538610 )

        It's missing a bunch of info such as what's legal data for each field, and the missing documents fill you in on a few of those. Even so, they are also incomplete.

        But yes, that's a good start.

        It took me quite a long time to figure out the codes for some fields, like TSAPre and Secondary Screening. The first because I had one, the second only from someone who posted in their blog about being mishandled by the TSA and helpfully posted a picture of the boarding pass with the barcode.

    • Yes, this must be a European technique. I've only been to a few lounges (I usually fly Southwest and they don't have such a thing), but always there has been a person who checked me in. They needed ID and boarding pass and I assume that they somehow matched that to the flight.
  • by Anonymous Coward

    Spread the app as far and wide as possible.

    Once the lounges get overcrowded, watch them react.
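
The gate-side difference that the story summary and the "Quick HowTo" comment describe, as an added example (not code from the article, the researcher, or any commenter): a scanner that checks only the flight number versus one that looks the scan up in the reservation system. The field widths are an assumption based on the commonly documented mandatory block of the bar-coded boarding pass. `SCHEDULE`, `RESERVATIONS`, `LOUNGE_CABINS`, carrier `XX` and both sample scans are constructed.

```python
# Added example: field widths follow the commonly documented mandatory block of
# the bar-coded boarding pass (IATA Resolution 792); treat them as an assumption.
FIELDS = [("format", 1), ("legs", 1), ("name", 20), ("eticket", 1), ("pnr", 7),
          ("origin", 3), ("dest", 3), ("carrier", 3), ("flight", 5),
          ("julian_date", 3), ("cabin", 1), ("seat", 4), ("sequence", 5),
          ("status", 1), ("var_size", 2)]

# Constructed stand-ins for the airline's schedule and reservation back end.
SCHEDULE = {("XX", "0123")}
RESERVATIONS = {"ABC123": {"name": "DOE/JANE", "carrier": "XX", "flight": "0123",
                           "julian_date": "221", "cabin": "J"}}
LOUNGE_CABINS = {"F", "J"}

def parse_mandatory(raw: str) -> dict:
    """Split the fixed-width mandatory block into named, stripped fields."""
    if len(raw) < 60 or raw[0] != "M":
        raise ValueError("not a boarding pass string")
    fields, pos = {}, 0
    for name, width in FIELDS:
        fields[name] = raw[pos:pos + width].strip()
        pos += width
    return fields

def weak_gate(raw: str) -> bool:
    """The behaviour the story describes: only the flight number is checked."""
    p = parse_mandatory(raw)
    return (p["carrier"], p["flight"]) in SCHEDULE

def hardened_gate(raw: str) -> bool:
    """Treat the barcode as a claim and confirm it against the reservation."""
    try:
        p = parse_mandatory(raw)
    except ValueError:
        return False
    rec = RESERVATIONS.get(p["pnr"])
    if rec is None or any(p[k] != rec[k] for k in rec):
        return False
    return rec["cabin"] in LOUNGE_CABINS  # entitlement from the record, not the scan

# Constructed scans: one matching the reservation, one with invented passenger data.
TAIL = "AAABBBXX 0123 221J001A0001 100"
GENUINE = "M1" + "DOE/JANE".ljust(20) + "EABC123 " + TAIL
SPOOFED = "M1" + "NOBODY/NEMO".ljust(20) + "EZZZZZZ " + TAIL

if __name__ == "__main__":
    for label, scan in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(label, "weak:", weak_gate(scan), "hardened:", hardened_gate(scan))
```

Verifying the digital signature that the comment says mobile passes carry would be a further check; it is not shown here because the page gives no details of it.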
