Student Allegedly Hacks Apple Passbook for Free Flights
#1
Original Poster
Join Date: Jan 2013
Location: CKH
Posts: 575
Student Allegedly Hacks Apple Passbook for Free Flights
Funny story about a clever "whiz-kid", who's claiming that some simple hacking is all it takes to get free flights, involving boarding pass generation on his iPhone, and a small social engineering effort.
http://www.tomsguide.com/us/iphone-h...ews-18562.html
Snacky
http://www.tomsguide.com/us/iphone-h...ews-18562.html
Snacky
#2
FlyerTalk Evangelist
Join Date: Jan 2006
Posts: 11,439
Sounds like total BS to me. Faking a barcode is one thing, but he can't get the reservation system to make a reservation for him with a fake barcode. Most likely he just BS'ed his way past a gullible agent. That has nothing to do with Apple Passbook.
#3
Join Date: Jun 2013
Location: SEA
Programs: Bonvoy Platinum, HH Gold
Posts: 82
Hmmm, if you could fake passbook with the same ticket you've already booked on. Maybe you could get priority boarding somehow, but I tend to think that when they scan your passbook it comes up what zone you are boarding.
#4
I reckon that is probably very doable. In the same way you could do to a printed paper pass.
#5
Join Date: Jan 2013
Location: MUC/SFO/GDN
Posts: 109
I don't believe it either. While it may be possible to add a note 'please upgrade this passenger to F' which would be displayed on the gate agent's reader, successfully creating tickets totally out of the blue is extremly unlikely.
Perhaps his idea is cloning someone else's ticket with modifed data, and convincing staff that this is a system error - but it's hardly an accomplishement.
Perhaps his idea is cloning someone else's ticket with modifed data, and convincing staff that this is a system error - but it's hardly an accomplishement.
#6
Join Date: Aug 2011
Location: ECP
Programs: DL Diamond
Posts: 1,658
With Passbook, you could screenshot the Passbook generated boarding pass, edit the image in Photoshop and then just pull up the image instead of a true Passbook boarding pass.
But I have to imagine in either case that whatever you produce won't "scan" correctly in the airline system.
If you did your homework and assigned yourself an empty seat in J/F, you could theoretically board the plane, show them your "boarding pass" and take the unoccupied seat. You still wouldn't be on the manifest as a J pax, though, so you'd have to get a FA willing to chalk it up to computer error and not really look into the matter any further. A lot of risk there...
**EDIT** One thing you could do pretty easily and get away with pretty easily is to print a separate boarding pass for yourself in J with the sole purpose of accessing the premium security line. I've never seen them scan BPs, so I think this would be pretty easy to get away with with a near-zero chance of being caught.
Last edited by DC777Fan; Apr 7, 2014 at 9:55 am
#7
Join Date: Jul 2013
Location: TPA
Programs: UA Gold
Posts: 341
One thing you could do pretty easily and get away with pretty easily is to print a separate boarding pass for yourself in J with the sole purpose of accessing the premium security line. I've never seen them scan BPs, so I think this would be pretty easy to get away with with a near-zero chance of being caught.
On generating a bar code, I have decoded mine back in the day when it was the only way to find out if you have Pre-Check. There's a long character string after the PNR info, which I assumed was some type of encryption key. If true, I'd hope you'd need to regenerate the encryption key if you changed the PNR data.
#9
Moderator: British Airways Executive Club
Join Date: Nov 2010
Location: TPA/ABZ
Programs: BA Lifetime Gold. GGL/CCR.
Posts: 13,248
Without condoning this nonsense (which is at best theft and fraud) you could purchase a fully flex refundable ticket in F and select your favorite seat. Then do whatever this chap is going to demonstrate and put yourself in the same seat. At least that way you could board without expecting to find someone else in the seat. Then simply cancel the refundable one after the event.
#12
Join Date: Apr 2002
Location: Home
Posts: 1,910
I am pretty sure they 'scan' my boarding pass and do a match to the system to check you in. If there is ever a problem they go and see why and resolve it.
Unless the airline has crappy IT support or no access at the airport, I don't see how this can get past the Gate Agent.
Unless the airline has crappy IT support or no access at the airport, I don't see how this can get past the Gate Agent.
#13
Join Date: Aug 2011
Location: ECP
Programs: DL Diamond
Posts: 1,658
Right, but once you get on the plane, they don't scan your BP again--they just check it visually. So if you have a lazy FA that just thinks "computer screwed up again!" and doesn't look into the matter, the offender gets to squat in J the whole flight.
#14
Join Date: Apr 2002
Location: Home
Posts: 1,910
I guess AA/CX are better at checking the printed manifest and checking everything esp on International J/F.
#15
FlyerTalk Evangelist
Join Date: Jun 2006
Location: IAD/DCA
Posts: 31,797
>
agree
they have procedures, which social engineers can be aware of
they have procedures, which social engineers can be aware of