Concerns raised about airline boarding pass barcodes

October 26, 2012 by Lin Edwards report

(Phys.org)—Boarding passes for airline travel in the US (and many other countries) now include barcodes, but an aviation security researcher has learned that these barcodes are unencrypted and can be read with readily available tools. The barcodes include information on the level of security check the passenger will be required to satisfy when they pass through pre-boarding checks.

The fear that barcode information could potentially be of use to terrorists was first raised in an article in the in July this year, but the fear was escalated last week by John Butler in his aviation blog, Puckinflight, when he reported that the barcode information was not encrypted.

Passengers can print their boarding passes before they leave home, and Butler said the barcodes can easily be read by online barcode readers or smartphone apps, and this would enable them to see in advance if they have been selected for the Transportation Security Administration's (TSA) PreCheck security level for the flight.

PreCheck security level is applied randomly to frequent fliers and can be purchased from US Customs, who carry out a background check on the applicant before approving the security level. Once approved and enrolled in the system, passengers are eligible to be selected for PreCheck on any flight. If selected, they bypass some of the pre-boarding security measures, are allowed to leave their toiletries and laptops in their carry-on bags, and do not have to remove shoes, jackets or belts as they are screened. They also avoid the controversial full-body scanners.

Butler suggested that the barcode could be altered to change the security level to PreCheck simply by reading the barcode, saving the information as a text file, and altering a single digit corresponding to the security level. The altered file could then be uploaded to another website to be re-encoded as a barcode, and this could easily be incorporated into the boarding pass using widely available photo-editing software.

Other information on the barcode, including the passenger name and flight details, could be altered in the same way, and as long as the security check level was changed to PreCheck, the passenger would avoid thorough security checking and be likely to get through.

The barcodes in US airports are read by machines operated by the TSA, but they are merely barcode readers and do not check the information. The TSA issued a statement that its security systems include "measures both seen and unseen," but it did not comment on the specifics of Butler's blog post.

In a later blog post Butler said the International Air Transport Association (IATA) standards allow for a validation mark to be included in the barcode on boarding passes to prevent the kind of tampering Butler warned about, but while the remain unencrypted there is nothing to stop passengers learning in advance that they will be subjected to lower .
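The distinction drawn above, that a validation mark stops tampering but leaves the contents readable, can be shown with a short added example; it is not code from the article, from Butler's blog, or from the IATA standard. The field layout, the `SCREEN` field, the key, and the use of HMAC-SHA256 as a stand-in for the validation mark are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo key (assumption); a real issuer key would never be public.
ISSUER_KEY = b"constructed-demo-key"
# Constructed payload in a made-up layout, NOT the real boarding pass format.
SAMPLE = "NAME=DOE/JANE|FLT=XX123|DATE=2012-10-26|SCREEN=0"
TAG_HEX_LEN = 64  # length of a hex-encoded SHA-256 tag


def _tag(payload: str, key: bytes) -> str:
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def issue(payload: str, key: bytes = ISSUER_KEY) -> str:
    """Barcode text = readable payload + '^' + integrity tag."""
    return f"{payload}^{_tag(payload, key)}"


def verify(barcode_text: str, key: bytes = ISSUER_KEY):
    """Return (ok, payload); ok is False if the tag is missing or wrong."""
    payload, sep, tag = barcode_text.rpartition("^")
    if not sep or len(tag) != TAG_HEX_LEN:
        return False, barcode_text
    ok = hmac.compare_digest(tag.encode(), _tag(payload, key).encode())
    return ok, payload


def scan(barcode_text: str) -> str:
    """Checkpoint reader that validates before trusting any field."""
    ok, payload = verify(barcode_text)
    if not ok:
        return "REJECT: validation failed"
    fields = dict(item.split("=", 1) for item in payload.split("|"))
    return "expedited" if fields.get("SCREEN") == "1" else "standard"


if __name__ == "__main__":
    signed = issue(SAMPLE)
    edited = signed.replace("SCREEN=0", "SCREEN=1")  # one digit changed
    print(scan(signed))             # genuine pass is accepted
    print(scan(edited))             # edited pass fails validation
    print(scan(SAMPLE))             # pass with no tag at all fails too
    print("SCREEN=0" in signed)     # payload is still readable by anyone
```

The last check is the article's closing point: the tag makes an edited pass fail, but the screening field is still plain text to anyone who scans the printout.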


5 comments


kochevnik
Oct 26, 2012
This comment has been removed by a moderator.
gwrede
1 / 5 (3) Oct 26, 2012
PreCheck security level ... can be purchased ... once approved and ... if selected, they bypass ... security measures, are allowed to leave their toiletries and laptops in their carry-on bags, and do not have to remove shoes, jackets or belts as they are screened. They also avoid the controversial full-body scanners.
OMFG!!! And all this article does, is bemoans some barcodes.

The real security risk is this Security Level crap. Don't they know that security is only as strong as the weakest link? If I were the Terrorist Boss, all I now have to do is find three non-arab looking guys, and buy them PreCheck. Chances are (and the whole point of the system is) that at least two of them are not checked on a given flight.

Sheesh! And everybody is just crying over some bar code. Good grief!

I say, kill PreCheck bypass. Now!
axemaster
5 / 5 (2) Oct 26, 2012
The TSA issued a statement that its security systems include "measures both seen and unseen,"

This made me giggle a little...
kochevnik
3.2 / 5 (5) Oct 26, 2012
You are nine times more likely to be killed by a policeman than a terrorist in America. I doubt the police will upload and download barcodes before shooting.
Pkunk_
not rated yet Oct 27, 2012
You are nine times more likely to be killed by a policeman than a terrorist in America. I doubt the police will upload and download barcodes before shooting.

How about killed by muggers, drug addicts and other criminals? Is it 9 times more likely then to be killed by police "brutality" as you try to point out?
What is your solution? Ban the US police, or recruit Russian police instead?
