A Polish hacker is scheduled to present one of the more frightening apps in recent memory this week at the Defcon conference in Las Vegas. Przemek Jaroszewski, who heads the Polish Computer Emergency Readiness Team, showed a basic way to bypass security checkpoints at airports using just an Android app that generates fake boarding passes.
“With a set of easily available tools, boarding pass hacking is easier than ever, and the checks are mostly a security theatre,” Jaroszewski wrote in the event description. “I will demonstrate how easy it is to craft own boarding pass that works perfectly at most checkpoints (and explain why it doesn't work at other ones).”
Jaroszewski has apparently only used the app to access elite boarding lounges for airlines like his favourite, Turkish Airlines, according to reporting by Wired. Though the app can nominally let travellers in anywhere, Jaroszewski claims he’s only used it to go places he’s already allowed. He also claims, however, that it could be used to bypass no-fly lists.
That’s because security checks are mostly automated, with very little human verification.
“Effectively, we’re dealing with simple unencrypted strings of characters,” he writes, “Containing all the information needed to decide on our eligibility for fast lane access, duty-free shopping, and more…”
The International Air Travel Association says that airlines bear the responsibility for securing their lounges, and that airport security would prevent people from entering restricted areas using the app, according to Travel & Leisure. They say that Jaroszewski was able to use the app because lounges are often guarded by automated processes.
Watch the app in action below.
Like what you see? How about some more R29 goodness, right here?
It Takes Two: The Big Business Of Twinning On YouTube