Sometimes I feel like people are being too mean to the TSA.
Flight enthusiasts, however, recently discovered that the bar codes printed on all boarding passes — which travelers can obtain up to 24 hours before arriving at the airport — contain information on which security screening a passenger is set to receive.
Details about the vulnerability spread after John Butler, an aviation blogger, drew attention to it in a post late last week. Butler said he had discovered that information stored within the bar codes of boarding passes is unencrypted, and so can be read in advance by technically minded travelers.
Simply by using a smartphone or similar device to check the bar code, travelers could determine whether they would pass through full security screening, or the expedited process.
A security expert points out that the whole idea behind random screening is that the terrorists don’t know what to expect. Well, now they do!
John Butler, of the blog PunkInflight, who discovered this, explains how it works:
The problem is, the passenger and flight information encoded in barcode is not encrypted in any way. Using a web site I decoded my boarding pass for my upcoming trip.
M1PUCK/COLWMR YXXXXXX PHXEWRUA XXX 294RXXXFXX 11F>30B
WWXXX BUA 0E016 3
So, here you see my flight information for my United flight from PHX to EWR. It is my understanding that this is similar to digital boarding passes issued by all U.S. Airlines; so the same information is on a Delta, US Airways, American and all other boarding passes. I am just using United as an example. I have X’d out any information that you could use to change my reservation. But it’s all there, PNR, seat assignment, flight number, name, ect. But what is interesting is the bolded three on the end. This is the TSA Pre-Check information. The number means the number of beeps. 1 beep no Pre-Check, 3 beeps yes Pre-Check. On this trip as you can see I am eligible for Pre-Check. Also this information is not encrypted in any way.
Butler goes on to explain the horrifying implications:
What terrorists or really anyone can do is use a website to decode the barcode and get the flight information, put it into a text file, change the 1 to a 3, then use another website to re-encode it into a barcode. Finally, using a commercial photo-editing program or any program that can edit graphics replace the barcode in their boarding pass with the new one they created. Even more scary is that people can do this to change names. So if they have a fake ID they can use this method to make a valid boarding pass that matches their fake ID. The really scary part is this will get past both the TSA document checker, because the scanners the TSA use are just barcode decoders, they don’t check against the real time information. So the TSA document checker will not pick up on the alterations. This means, as long as they sub in 3 they can always use the Pre-Check line.
Seriously, no one at TSA thought about this?
Does anybody have an old pre-printed boarding pass – one you printed at home – that you can send?
That’s another fine mess you’ve gotten us into, TSA.