Want to know if you're in for a date with Doctor Jellyfinger the next time you go to the airport? Just print out your boarding-card and scan in the barcode: it encodes whether you're getting the "full security screening" or just the normal humiliation. Information about this vulnerability spread after a John Butler blog-post documented it. Not only can you discover if you're headed for the full monte, but you can also change your screening status by re-encoding the barcode with a different search-depth attached to your reservation.
I have X'd out any information that you could use to change my reservation. But it's all there, PNR, seat assignment, flight number, name, ect. But what is interesting is the bolded three on the end. This is the TSA Pre-Check information. The number means the number of beeps. 1 beep no Pre-Check, 3 beeps yes Pre-Check. On this trip as you can see I am eligible for Pre-Check. Also this information is not encrypted in any way.
What terrorists or really anyone can do is use a website to decode the barcode and get the flight information, put it into a text file, change the 1 to a 3, then use another website to re-encode it into a barcode. Finally, using a commercial photo-editing program or any program that can edit graphics replace the barcode in their boarding pass with the new one they created. Even more scary is that people can do this to change names. So if they have a fake ID they can use this method to make a valid boarding pass that matches their fake ID. The really scary part is this will get past both the TSA document checker, because the scanners the TSA use are just barcode decoders, they don't check against the real time information. So the TSA document checker will not pick up on the alterations. This means, as long as they sub in 3 they can always use the Pre-Check line.
October 19, 2012 Security Flaws in the TSA Pre-Check System and the Boarding Pass Check System.
(via /.)