Przemek Jaroszewski is the head of Computer Emergency Readiness Team in Poland. His work requires him to travel about 50-80 times a year. Frequent air travel has made him a specialist of airlines’ premium lounges. His personal favourite is the Istanbul lounge of Turkish Airlines that offers a cinema, a bakery of Turkish delicacies, and free massages.
Last year an automated boarding pass reader mistakenly refused him entry at the Warsaw elite airport lounge. Jaroszewski used his hacker instinct and created an app to make sure he was never kept from availing high-end lounge privileges again.
Jaroszewski demonstrated how his app allows to bypass past elite lounges at the Defcon conference in Las Vegas. You can easily access duty-free shops and virtually bypass no-fly lists with the help of a fake boarding pass made using a frighteningly simple hack.
Jaroszewski says that boarding passes are surprisingly insecure:
“Effectively, we’re dealing with simple unencrypted strings of characters containing all the information needed to decide on our eligibility for fast lane access, duty-free shopping, and more . . .”
In an interview with Wired, he said that it takes only 10 seconds for his app to create a fake boarding pass. Here’s the YouTube video demonstrating the hack:
International Air Travel Association stated that airlines are responsible for the security of their lounges, and the hack is not enough for anyone to even enter an airport without a real ticket, let alone fly off. The commuters have to undergo a physical inspection at the airport entrance while the airline lounges are often automated e.g. ones targeted by Jaroszewski. Still, it is quite disturbing that any part of the airline security could be so porous and easy to crack.
Just a little coding can take you places, like the elite airline lounges around the world.