Want to know if you're in for a date with Doctor Jellyfinger the next time you go to the airport? Just print out your boarding-card and scan in the barcode: it encodes whether you're getting the "full security screening" or just the normal humiliation. Information about this vulnerability spread after a John Butler blog-post documented it. Not only can you discover if you're headed for the full monte, but you can also change your screening status by re-encoding the barcode with a different search-depth attached to your reservation.
I have X’d out any information that you could use to change my reservation. But it’s all there, PNR, seat assignment, flight number, name, ect. But what is interesting is the bolded three on the end. This is the TSA Pre-Check information. The number means the number of beeps. 1 beep no Pre-Check, 3 beeps yes Pre-Check. On this trip as you can see I am eligible for Pre-Check. Also this information is not encrypted in any way.
What terrorists or really anyone can do is use a website to decode the barcode and get the flight information, put it into a text file, change the 1 to a 3, then use another website to re-encode it into a barcode. Finally, using a commercial photo-editing program or any program that can edit graphics replace the barcode in their boarding pass with the new one they created. Even more scary is that people can do this to change names. So if they have a fake ID they can use this method to make a valid boarding pass that matches their fake ID. The really scary part is this will get past both the TSA document checker, because the scanners the TSA use are just barcode decoders, they don’t check against the real time information. So the TSA document checker will not pick up on the alterations. This means, as long as they sub in 3 they can always use the Pre-Check line.
October 19, 2012 Security Flaws in the TSA Pre-Check System and the Boarding Pass Check System.
Gabriella Coleman is the “hacker anthropologist” whose book on the anthropology of Anonymous is among the best books on hacking I’ve ever read; her new paper in Current Anthropology, From Internet Farming to Weapons of the Geek, poses a fascinating question: given that hackers are as well-paid and privileged as doctors, lawyers and academics, how […]
Mr Robot is the most successful example of a small but fast-growing genre of “techno-realist” media, where the focus is on realistic portrayals of hackers, information security, surveillance and privacy, and it represents a huge reversal on the usual portrayal of hackers and computers as convenient plot elements whose details can be finessed to meet […]
The unprecedented denial-of-service attacks powered by the Mirai Internet of Things worm have harnessed crappy, no-name CCTVs, PVRs, and routers to launch unstoppable floods of internet noise, but it’s not just faceless Chinese businesses that crank out containerloads of vulnerable, defective-by-design gear — it’s also name brands like Sony.
The Boing Boing Store’s Gift Guide is full of ideas for pretty much anyone in your life like hipster ice cub trays, Xbox controllers, Halo Boards, and even diamond necklaces. As always, all products in the Boing Boing Store come at great discounts, too. Shop by price bucket starting at under $20. Under $20:Bloxx Jumbo Ice Trays […]
Unlike traditional lighters, the SaberLight features an electronic plasma beam that’s both rechargeable and butane-free. This sleek lighter is even approved by TSA, so you’ll never be stuck buying lighters you’ll just have to throw away partially used. For some people, like me, this is a pretty big game-changer. The SaberLight’s beam is actually both hotter and cleaner […]
Holiday shopping is in full swing, and the Striiv Touch is one of the best gift ideas I’ve landed on. Its simple design works for females and males, and its wide range of features makes it suitable for even the non-fitness enthusiasts in your life.Unlike traditional fitness trackers, the Striiv Touch also acts as a smartwatch. It […]