NEWS
NEWS
NEWS
How To Get A Bomb On Board A Plane – Using A Barcode App
A newly discovered flaw with barcodes on US airline boarding passes could allow passengers to take unauthorized items onto flights, according to security experts.
The vulnerability has to do with the US Transport Security Administration (TSA) and its PreCheck program, which allows a certain number of frequent fliers on each flight to board the plane after undergoing less stringent security checks.
Passengers are selected for what’s known as “expedited screening” at random – the point being that they will never know until they arrive at the security checkpoint if they have to undergo more thorough checks or not.
Airport staff scan a barcode on each passengers boarding pass to see if they have been selected for expedited screening or not. Those chosen are not required to remove their belts, shoes and jackets, and can keep items such as laptops and toiletries.
However, there is a fundamental weakness with the barcode system – as these can be read by any smartphone using a bog-standard barcode reader app, meaning that passengers can print their boarding pass at home and find out whether or not they’ll be subject to heavier security checks.
The flaw was highlighted by security expert John Butler in his aviation blog last week, where he showed that the barcodes are not encrypted.
Butler explains that he wanted to expose the vulnerability because he is “seriously concerned with boarding pass security”.
He also points out that potential terrorist looking to carry dangerous materials on board a flight wouldn’t even have to wait until they got lucky, as it’s possible to easily alter the barcodes as well:
“What terrorists or really anyone can do is use a website to decode the barcode and get the flight information, put it into a text file, change the 1 to a 3, then use another website to re-encode it into a barcode,” he writes.
“Finally, using a commercial photo-editing program or any program that can edit graphics [they can] replace the barcode in their boarding pass with the new one they created.”
Butler also points out that terrorists could also change other information on the boarding pass too, such as the flight details or passenger name:
“The really scary part is this will get past both the TSA document checker, because the scanners the TSA use are just barcode decoders, they don’t check against the real time information.”
A message from John Furrier, co-founder of SiliconANGLE:
Support our open free content by sharing and engaging with our content and community.
Join theCUBE Alumni Trust Network
Where Technology Leaders Connect, Share Intelligence & Create Opportunities
11.4k+
CUBE Alumni Network
C-level and Technical
Domain Experts
15M+
theCUBE
Viewers
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.
SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
