A Greek hacker claims that he has found a way to generate free boarding passes that bypass airport security for any flight departing from a European airport using Apple’s virtual wallet app, Passbook. According to iTNews, 18-year-old Andrew Hariton plans to open up about the exploit in a presentation at the upcoming Hack in the Box security convention in Amsterdam on May 29.
“A computer and a smartphone is all that’s required for a method that puts to the test both physical and digital security,” Hariton writes in his Hack in the Box presentation abstract. “We will be using tools available to everyone to forge passes and look into methods of getting in the Security Restricted Area and even more importantly into the flight we desire.”
The alleged exploit lets users bypass the security protocols of ticket scanners used by airport staff before passengers board a flight. Normally those scanners check each boarding pass against the list of registered fliers. According to Hariton, however, the “malfunctioning” scanner software for EU airports does not have “direct access to the airliner database.”
Once he found a way in, Hariton said he could create boarding passes using Java and CSS in a web browser, which he could add to Passbook using the same interface developers use to send coupons and tickets to the app.
Hariton would not confirm or deny whether he has tested the exploit himself, though we’re willing to bet that he hasn’t, considering that an attempt to board a flight using a false ticket would likely result in his arrest.
- Hackers stole digital coins while a YouTube broadcaster advised about ICOs
- Amazon has fixed a bug that allowed hackers to listen in on Alexa devices
- Cortana flaw enables hackers to load malicious websites from the lock screen
- Hackers could have credit card numbers of 880,000 Orbitz users
- Patch your Windows 10 PC, now! Hackers are exploiting a zero-day flaw