Want to know if you're in for a date with Doctor Jellyfinger the next time you go to the airport? Just print out your boarding-card and scan in the barcode: it encodes whether you're getting the "full security screening" or just the normal humiliation. Information about this vulnerability spread after a John Butler blog-post documented it. Not only can you discover if you're headed for the full monte, but you can also change your screening status by re-encoding the barcode with a different search-depth attached to your reservation.
I have X’d out any information that you could use to change my reservation. But it’s all there, PNR, seat assignment, flight number, name, ect. But what is interesting is the bolded three on the end. This is the TSA Pre-Check information. The number means the number of beeps. 1 beep no Pre-Check, 3 beeps yes Pre-Check. On this trip as you can see I am eligible for Pre-Check. Also this information is not encrypted in any way.
What terrorists or really anyone can do is use a website to decode the barcode and get the flight information, put it into a text file, change the 1 to a 3, then use another website to re-encode it into a barcode. Finally, using a commercial photo-editing program or any program that can edit graphics replace the barcode in their boarding pass with the new one they created. Even more scary is that people can do this to change names. So if they have a fake ID they can use this method to make a valid boarding pass that matches their fake ID. The really scary part is this will get past both the TSA document checker, because the scanners the TSA use are just barcode decoders, they don’t check against the real time information. So the TSA document checker will not pick up on the alterations. This means, as long as they sub in 3 they can always use the Pre-Check line.
October 19, 2012 Security Flaws in the TSA Pre-Check System and the Boarding Pass Check System.
Well, this sounds like potentially a pretty big deal. Facebook is using smartphone location data to recommend new friends to users, which suggests many possible privacy invasions. This is also a technique NSA uses to track surveillance targets.
Mian Wei, a Chinese student at the Rhode Island School of Design, has created an experimental series of fake fingertips with randomly generated fingerprints that work with Apple and Android fingerprint authentication schemes, as well as many others.
If you’re a student journalist and want to attend HOPE XI, the Eleventh Hackers on Planet Earth conference (July 22-24, NYC) you can win free admission (and an interview with me!) by submitting an article about any of the topics come up at HOPE conferences! Get writing!
Taking pictures can be challenging. There are a million factors that can influence each shot you take – and unless you’re a trained photographer, you often just focus, click…and cross your fingers.Of course, you can take some of the ambiguity out of your picture-taking with this Hollywood Art Institute Photography Course & Certification package, now […]
Experienced shutterbugs with DSLR cameras have boatloads of lens options for capturing the moment. Unfortunately, smartphone photographers often get stuck with their one crummy lens, which means limited zoom and focus for their final image.Step up your smartphone’s photographic power with the Acesori 5-Piece Smartphone Camera Lens Kit, now just $9.99 in the Boing Boing Store.Magnetic rings easily […]
Some truths are universal. For one, your phone will always run out of power when you most need it. For another, the charging cords that come packaged with your Apple device will fray, split, and rip faster than Usain Bolt in a game of tag.Instead, pick up a charging cord that anyone would have a tough […]