TribLIVE

| USWorld


 
Larger text Larger text Smaller text Smaller text | Order Photo Reprints

Boarding pass bar codes could aid would-be terrorists, experts say

Email Newsletters

Click here to sign up for one of our email newsletters.

Daily Photo Galleries

By The Washington Post
Thursday, Oct. 25, 2012, 8:12 p.m.
 

Security flaws in airline boarding passes could allow would-be terrorists or smugglers to know in advance whether they will be subject to certain security measures, and perhaps even permit them to modify the designated measures, security researchers have warned.

The vulnerabilities center around the Transportation Security Administration's pre-screening system, a paid-for program in which the screening process is expedited for travelers at the airport: Laptops can remain in hand baggage, as can approved containers of liquid, and belts and shoes kept on.

Under the program, passengers can still be subject at random to conventional security screening.

Flight enthusiasts, however, recently discovered that the bar codes printed on all boarding passes —which travelers can obtain up to 24 hours before arriving at the airport — contain information on which security screening a passenger is set to receive.

Details about the vulnerability spread after John Butler, an aviation blogger, drew attention to it in a post late last week. Butler said he had discovered that information stored within the bar codes of boarding passes is unencrypted, and so can be read in advance by tech-minded travelers.

Simply by using a smartphone or similar device to check the bar code, travelers could determine whether they would pass through full security screening, or the expedited process.

Butler's findings are supported by information in a technical specification publicly available on the website of the International Air Transport Association, and some details about the vulnerability appear to have circulated in aviation chat forums since at least July.

The TSA declined to comment on the reports, and would not say whether the agency had been made aware of the issue. A spokesman stressed that screening at airport checkpoints is only one part of a much wider security process.

“TSA does not comment on specifics of the screening process, which contain measures both seen and unseen,” spokesman Sterling Payne said. “TSA Pre Check is only one part of our intelligence-driven, risk-based approach.”

The findings highlight serious vulnerabilities within the current TSA security systems, according to Chris Soghoian, a security expert who sought to draw attention to airline security vulnerabilities in 2006 by building a website that permitted travelers to produce fake boarding passes.

“If you have a team of four people ⅛planning an attack⅜, the day before the operation when you print the boarding passes, whichever guy is going to have the least screening is going to be the one who'll take potentially problematic items through security,” said Soghoian, now a senior policy analyst at the American Civil Liberties Union. “If you know who's getting screened before you walk into the airport, you can make sure the right guy is carrying the right bags.”

Subscribe today! Click here for our subscription offers.

 

 


Show commenting policy

Most-Read Stories

  1. Acme man’s ephemeral sculptures appear to defy laws of physics
  2. Rossi: After L.A., NFL should tread carefully
  3. Oncologists wary of scaled-back guidelines in cancer screenings
  4. Cal (Pa.) softball loses slugfest; season comes to an end
  5. Early success in White House race a pleasant surprise for Carson
  6. Posthumous election wins have happened in Western Pa., nation
  7. Starter Liriano strikes out 12, leads Pirates to series sweep of Mets
  8. 4 dogs found dead in Beechview home; woman charged
  9. Saudi King Salman vows retribution for suicide attack on mosque
  10. Neighbor arrested after McKeesport house fire, authorities say
  11. Photo Gallery: The Zac Brown Band kicks off summer with First Niagara show