Print 27 comment(s) - last by JKflipflop98.. on Oct 28 at 3:59 AM

  (Source: Lifehacker)
Vulnerable information could help malicious parties plan attacks

The U.S. Transportation Safety Administration has spent hundreds of millions of dollars to blanket the nation's airports in "nude" full-body scanners. However, base security still relies heavily on conventional searches -- pat-downs and luggage scans -- amid concerns regarding the efficacy of the nude scanners.

I. TSA Uses Unencrypted Barcode Info to Designate Not-so-Random "Random" Searches

That's why the findings of an aviation blogger -- John Butler -- are particularly troubling. They represent a serious compromise in security procedures by allowing passengers to know, via inspecting their barcode, whether they will be subject to conventional screens.

Mr. Butler published his findings to his blog PuckInFlight.

The flaw is specific to the TSA's pre-screening program.  That program allows frequent fliers to pay a fee to get to skip certain digital screening requirements.  Passengers who pay the fee get to carry on approved liquids in their luggage, don't have to remove their personal electronics, and can keep their belts/shoes on, when travelling through the scanners.

The idea is that the passengers are pre-screened to try to weed out potential violent threats, and then to use the possibility of random screens to deter any would be terrorists from going to great lengths to try to exploit the program.

Except the screens weren't random.  According to Mr. Butler, they appear to be pre-determined, and worse yet the barcode on your ticket tells -- without encryption -- whether you will be screened.

Boarding pass wide
The decoded contents of Mr. Butler's boarding pass. [Image Source: PuckInFlight]

The majority of the barcode encodes your name, flight number, departure city, destination city, seat number, etc.  But the final encoded number is a mysterious '1' or '3'.  The number encodes a number of beeps that prompts the TSA agents -- in predetermined fashion -- whether to screen the passenger (1 beep means no conventional pre-check, 3 beeps means to do a conventional pre-check).

II. Want to Illegally Skip Security? Print a Modified Boarding Pass

As Mr. Butler points out, a malicious flyer could read their bar code information, then re-encode a new bar code with the '3' replaced with a '1'.  The blogger summarizes:

What  terrorists  or really anyone can do is use a website to decode the barcode and get the flight information, put it into a text file, change the 1 to a 3, then use another website to re-encode it into a barcode. Finally, using a commercial photo-editing program or any program that can edit graphics replace the barcode in their boarding pass with the new one they created. Even more scary is that people can do this to change names. So if they have a fake ID they can use this method to make a valid boarding pass that matches their fake ID. The really scary part is this will get past both the TSA document checker, because the scanners the TSA use are just barcode decoders, they don’t check against the real time information. So the TSA document checker will not pick up on the alterations. This means, as long as they sub in 3 they can always use the Pre-Check line.

Sterling Payne, in a comment to The Washington Post, refused to say whether Mr. Butler's findings were accurate or not.  He comments, "TSA does not comment on specifics of the screening process, which contain measures both seen and unseen.  TSA Pre Check is only one part of our intelligence-driven, risk-based approach."

According to The Washington Post, many boarding passes come with verification codes, which could prevent the attack from being carried out.  However, the publication notes that some boarding passes are marked as "unverified" and appear to still be validated.  As boarding passes can be printed up to 24 hours in advance, attackers could have a window of opportunity to analyze and modify an unverified pass.

TSA screener
A modified unverified pass could offer a free pass through security.
[Image Source: OC Register]

Chris Soghoian, an advocate at the American Civil Liberties Union, said poor security is nothing terribly new for the TSA.  He created a website back in 2006 that allowed people to create fake boarding passes to test TSA security.

He comments on the latest hole, "If you have a team of four people [planning an attack], the day before the operation when you print the boarding passes, whichever guy is going to have the least screening is going to be the one who’ll take potentially problematic items through security.  If you know who’s getting screened before you walk into the airport, you can make sure the right guy is carrying the right bags."

The temptation, he points out, might be to use profiling or other tactics, but he notes the ACLU opposes them.  He says such methods are unnecessary, if the TSA just did its job and encrypted the information on the passes.  At the end of the day that's the same conclusion Mr. Butler came to.

Both men made it clear that they did not test the attack by printing fake boarding passes.  Mr. Butler stated that he believed that was a "legally grey area and morally black one", while The Washington Post suggests, "[It] is illegal to tamper with a boarding card under U.S. law."

Sources: Puck In Flight [John Butler], The Washington Post

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

By Poster ATAT on 10/25/2012 7:04:53 PM , Rating: 2
Did anyone consider the possibility that it could be a reverse tactic to trick people into thinking that they won't be screened, but in fact will?

OK, not yet, but now that the cat is out of the bag, it's a way to play the terrorists, let them think they won't be screened when in ... oh never mind, we're talking the TSA.

I am glad that finally they are screening based on risk.
The Israelis have been doing that since the 80's works pretty good for them.

It sounds like we're doing an improved version, with deeper back ground checks. I'm all for that, and if we lose one or two planes every few years, well, we have car wrecks and catch diseases because we interact with others, a certain level of accepted risk promotes freedom of movement and gained opportunities for wealth and prosperity and security and even more health and life.

Sometimes, increased risk means more productivity and from that extra wealth, more health and much less 'risk' in the end. Better than the dangers of living in chains with less time / opportunities lost, salvations squandered.

More freedom = more wealth = more safety for all.

RE: Finally
By woody1 on 10/26/2012 11:42:34 AM , Rating: 3
Sounds like you're pushing a Libertarian fantasy. The reality is that if terrorists were successfully in bringing down planes on a regular basis, the airlines would take a huge beating financially and businesses would suffer because employees would be less willing to travel when business needs call for them to. Leisure industries would also be slammed by reductions in tourism.

Other than in Libertarian fantasy world, I don't see how that would result in greater wealth. The fact is that the current TSA checks are inconvenient, but not nearly as annoying as other "free market" actions by the airlines, such as charging more money for more cramped seats, gouging for baggage fees, boarding perks, bad food, etc. Capitalism is great, but it doesn't always produce an optimal experience.

"We can't expect users to use common sense. That would eliminate the need for all sorts of legislation, committees, oversight and lawyers." -- Christopher Jennings

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki