Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Tech News > Flaw in online boarding passes enable anyone to view others

Flaw in online boarding passes enable anyone to view others
Thread Tools
NewsPoster
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Dec 16, 2014, 11:18 PM
 
Dani Grant, the founder of the security research group Hackers of NY, has reported a serious flaw in the way that Delta and potentially other airlines handle online boarding passes, often displayed on smartphone screens to gain entry to flights. Grand discovered that if she shared the URL to her Delta online boarding pass, anybody could download and potentially redeem it. Even more disturbingly, when she changed with the last digit of the seemingly random numbers in the URL, she could view someone else's online boarding pass, which might even be on an entirely different airline.



While it would be difficult to get into an airport without a boarding pass in one's own name, or proper ID matching the name on the boarding pass, the viewer can check the passenger into the flight, or even change their seat assignment, among other potential risks. Presumably, it would also be difficult to use this trick to find a specific passenger's boarding pass, or one for a specific flight, without intimate knowledge of how the number sequences on the URL are generated.

The TSA commented on the story, saying "travel document checking is just one layer of TSA's defense for aviation security," said TSA Press Secretary Ross Feinstein. "Officers are trained to detect and potentially deter individuals who may attempt to board an aircraft with fraudulent documents."

In an email to Grant, a Delta representative apologized for the breach of security, and provided her with a customer service number if she continued to have issues stemming from it. In a statement to Time Magazine, Delta spokesperson Paul Skrbec said that Delta IT was able to implement a fix without causing any impact to flight safety. According to Skrbec, Delta isn't aware of any compromised accounts as a result of the flaw.
( Last edited by NewsPoster; Dec 17, 2014 at 12:36 AM. )
     
FireWire
Mac Elite
Join Date: Oct 1999
Location: Montréal, Québec (Canada)
Status: Offline
Reply With Quote
Dec 17, 2014, 07:18 AM
 
come on.. this flaw is as old as the internet... some banks had it in the 90s and it didn't last long..
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 09:17 AM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,