Flaw in TSA Boarding Passes Lets You Print New Tickets to Skip Screening
October 25, 2012 4:04 PM
Vulnerable information could help malicious parties plan attacks
U.S. Transportation Safety Administration
spent hundreds of millions
of dollars to
blanket the nation's airports
"nude" full-body scanners
. However, base security still relies heavily on
-- pat-downs and luggage scans -- amid concerns regarding the efficacy of the
I. TSA Uses Unencrypted Barcode Info to Designate Not-so-Random "Random" Searches
That's why the findings of an aviation blogger -- John Butler -- are particularly troubling. They represent a serious compromise in security procedures by allowing passengers to know, via inspecting their barcode, whether they will be subject to conventional screens.
his findings to his blog
The flaw is specific to the TSA's pre-screening program. That program allows frequent fliers to pay a fee to get to skip certain digital screening requirements. Passengers who pay the fee get to carry on approved liquids in their luggage, don't have to remove their personal electronics, and can keep their belts/shoes on, when travelling through the scanners.
The idea is that the passengers are pre-screened to try to weed out potential violent threats, and then to use the possibility of random screens to deter any would be terrorists from going to great lengths to try to exploit the program.
Except the screens weren't random. According to Mr. Butler, they appear to be pre-determined, and worse yet the barcode on your ticket tells -- without encryption -- whether you will be screened.
The decoded contents of Mr. Butler's boarding pass. [Image Source: PuckInFlight]
The majority of the barcode encodes your name, flight number, departure city, destination city, seat number, etc. But the final encoded number is a mysterious '1' or '3'. The number encodes a number of beeps that prompts the TSA agents -- in predetermined fashion -- whether to screen the passenger (1 beep means no conventional pre-check, 3 beeps means to do a conventional pre-check).
II. Want to Illegally Skip Security? Print a Modified Boarding Pass
As Mr. Butler points out, a malicious flyer could read their bar code information, then re-encode a new bar code with the '3' replaced with a '1'. The blogger summarizes:
What terrorists or really anyone can do is use a website to decode the barcode and get the flight information, put it into a text file, change the 1 to a 3, then use another website to re-encode it into a barcode. Finally, using a commercial photo-editing program or any program that can edit graphics replace the barcode in their boarding pass with the new one they created. Even more scary is that people can do this to change names. So if they have a fake ID they can use this method to make a valid boarding pass that matches their fake ID. The really scary part is this will get past both the TSA document checker, because the scanners the TSA use are just barcode decoders, they don’t check against the real time information. So the TSA document checker will not pick up on the alterations. This means, as long as they sub in 3 they can always use the Pre-Check line.
Sterling Payne, in
a comment to
The Washington Post
, refused to say whether Mr. Butler's findings were accurate or not. He comments, "TSA does not comment on specifics of the screening process, which contain measures both seen and unseen. TSA Pre Check is only one part of our intelligence-driven, risk-based approach."
The Washington Post
, many boarding passes come with verification codes, which could prevent the attack from being carried out. However, the publication notes that some boarding passes are marked as "unverified" and appear to still be validated. As boarding passes can be printed up to 24 hours in advance, attackers could have a window of opportunity to analyze and modify an unverified pass.
A modified unverified pass could offer a free pass through security.
[Image Source: OC Register]
, an advocate at the
American Civil Liberties Union
, said poor security is nothing terribly new for the TSA. He created a website back in 2006 that allowed people to create fake boarding passes to test TSA security.
He comments on the latest hole, "If you have a team of four people [planning an attack], the day before the operation when you print the boarding passes, whichever guy is going to have the least screening is going to be the one who’ll take potentially problematic items through security. If you know who’s getting screened before you walk into the airport, you can make sure the right guy is carrying the right bags."
The temptation, he points out, might be to use profiling or other tactics, but he notes the ACLU opposes them. He says such methods are unnecessary, if the TSA just did its job and encrypted the information on the passes. At the end of the day that's the same conclusion Mr. Butler came to.
Both men made it clear that they did not test the attack by printing fake boarding passes. Mr. Butler stated that he believed that was a "legally grey area and morally black one", while
The Washington Post
suggests, "[It] is illegal to tamper with a boarding card under U.S. law."
Puck In Flight [John Butler]
The Washington Post
"And boy have we patented it!" -- Steve Jobs, Macworld 2007
Appeals Court Bends Over For TSA, Punts "Prompt" Nude Scanner Hearings
September 27, 2012, 7:29 AM
TSA Refuses to Hold Public Hearings on Nude Scanners, Court Chimes In
August 2, 2012, 10:45 AM
TSA Patdown Leaves 6-Year Old in Tears, Gov't Defends Actions
April 14, 2011, 10:01 AM
TSA Worker Assaults Boss After Body Scanner Reveals Genitalia
May 7, 2010, 1:50 PM
DHS Begins Mass Rollout of Airport Scanners Despite Health, Privacy Risks
March 8, 2010, 10:30 AM
PIQ ROBOTTM reveals its new artificial intelligence software
November 29, 2016, 12:59 AM
One more time - Happy Thanksgiving to Everyone Around the World
November 24, 2016, 4:00 AM
Google’s Smart Contact Lens Project gets halted for 2016
November 20, 2016, 7:00 AM
Cell Research Study shows African Americans have greater immune response to infection
November 10, 2016, 1:00 AM
UTHealth Clinical Trial Shows Progress Using Stem Cells to Treat Traumatic Brain Injury
November 8, 2016, 1:00 AM
Uber Partners with Circulation to Pilot Program Connecting Transportation and Digital Health Care
November 6, 2016, 5:00 AM
Most Popular Articles
OnePlus 3T – 5.5” Optic AMOLED and Dash Charging Technology
March 23, 2017, 8:45 AM
Gigabyte GA-Z170X-Gaming G1 – Intel Thunderbolt 3 Certified Motherboard
March 9, 2017, 6:25 AM
Huawei P8 Lite 2017 – Android 7 Nougat Smartphone with Octa-Core Processor
March 8, 2017, 7:03 AM
Lenovo ThinkPad T460 - Ultra-Thin and Feather-light
March 3, 2017, 6:00 AM
Nokia has ditched this camera technology in its new smartphones
March 7, 2017, 8:45 AM
Latest Blog Posts
Uber Technologies Inc Driverless Car hit by Human-driver
Mar 30, 2017, 8:00 AM
Android Creator and New Bezel-less Smartphone
Mar 29, 2017, 10:28 AM
More Apps From Google
Mar 28, 2017, 7:15 AM
Are you thinking of performance and speed? Intel claims:
Mar 25, 2017, 7:45 AM
Apple buys an automation app called Workflow. The deal was completed today and brings the app along with its developers.
Mar 23, 2017, 7:35 AM
Apple Announces new color for iPhones and iPads
Mar 22, 2017, 7:45 AM
Instagram: You Can Now Save Live Videos For Later
Mar 21, 2017, 7:49 AM
Samsung Galaxy S8 to Get New Color Scheme
Mar 20, 2017, 7:45 AM
What else to worry about?
Mar 17, 2017, 6:45 AM
Icon of the Day: Intel/ NVIDIA or Mobileye
Mar 16, 2017, 6:15 AM
JUST IN - Twitter Hijacked : High-Profile Account Accesses
Mar 15, 2017, 7:07 AM
Mar 14, 2017, 7:30 AM
News and Tips
Mar 13, 2017, 6:30 AM
iPhone 8 – May Not Get Curved Screen
Mar 11, 2017, 8:00 AM
California paves way to self-driving car tests without humans
Mar 11, 2017, 7:18 AM
Smart Machines V hackers
Mar 10, 2017, 7:00 AM
Uber Can Resume Autonomous Car Testing in California
Mar 9, 2017, 6:50 AM
Mar 8, 2017, 7:09 AM
Mar 7, 2017, 8:45 AM
World news 3-6
Mar 6, 2017, 5:40 AM
Mar 4, 2017, 7:40 AM
Mixed News of the Day
Mar 4, 2017, 6:32 AM
More Blog Posts
Copyright 2017 DailyTech LLC. -
Terms, Conditions & Privacy Information