Snacky

Funny story about a clever "whiz-kid", who's claiming that some simple hacking is all it takes to get free flights, involving boarding pass generation on his iPhone, and a small social engineering effort.

http://www.tomsguide.com/us/iphone-h...ews-18562.html


Snacky

planemechanic

Sounds like total BS to me. Faking a barcode is one thing, but he can't get the reservation system to make a reservation for him with a fake barcode. Most likely he just BS'ed his way past a gullible agent. That has nothing to do with Apple Passbook.

fL1Pm0d3

Hmmm, if you could fake passbook with the same ticket you've already booked on. Maybe you could get priority boarding somehow, but I tend to think that when they scan your passbook it comes up what zone you are boarding.

FlyerTalker6245

I reckon that is probably very doable. In the same way you could do to a printed paper pass.

Tsun

I don't believe it either. While it may be possible to add a note 'please upgrade this passenger to F' which would be displayed on the gate agent's reader, successfully creating tickets totally out of the blue is extremly unlikely.

Perhaps his idea is cloning someone else's ticket with modifed data, and convincing staff that this is a system error - but it's hardly an accomplishement.

DC777Fan

Exactly... all you'd need to do is download it to PDF and edit it in Acrobat then print that. I don't see this as really much different since it doesn't involve hacking into the airline system and giving yourself a reservation.

With Passbook, you could screenshot the Passbook generated boarding pass, edit the image in Photoshop and then just pull up the image instead of a true Passbook boarding pass.

But I have to imagine in either case that whatever you produce won't "scan" correctly in the airline system.

If you did your homework and assigned yourself an empty seat in J/F, you could theoretically board the plane, show them your "boarding pass" and take the unoccupied seat. You still wouldn't be on the manifest as a J pax, though, so you'd have to get a FA willing to chalk it up to computer error and not really look into the matter any further. A lot of risk there...

**EDIT** One thing you could do pretty easily and get away with pretty easily is to print a separate boarding pass for yourself in J with the sole purpose of accessing the premium security line. I've never seen them scan BPs, so I think this would be pretty easy to get away with with a near-zero chance of being caught.

FTstudent

That would be super easy. Just drop the elite lane logo on the BP before printing it, for the benefit of the line dragons.


On generating a bar code, I have decoded mine back in the day when it was the only way to find out if you have Pre-Check. There's a long character string after the PNR info, which I assumed was some type of encryption key. If true, I'd hope you'd need to regenerate the encryption key if you changed the PNR data.

fL1Pm0d3

Hopefully this does not set back the option of using the phone as a boarding pass.

golfmad

Without condoning this nonsense (which is at best theft and fraud) you could purchase a fully flex refundable ticket in F and select your favorite seat. Then do whatever this chap is going to demonstrate and put yourself in the same seat. At least that way you could board without expecting to find someone else in the seat. Then simply cancel the refundable one after the event.

JackE

And what happens when the pax count is +1 prior to liftoff?

The plane should not be taking off.

David-A

It would only be the cabin counts that would be +1 and -1.
The plane count would be flat.

cxn

I am pretty sure they 'scan' my boarding pass and do a match to the system to check you in. If there is ever a problem they go and see why and resolve it.

Unless the airline has crappy IT support or no access at the airport, I don't see how this can get past the Gate Agent.

DC777Fan

Right, but once you get on the plane, they don't scan your BP again--they just check it visually. So if you have a lazy FA that just thinks "computer screwed up again!" and doesn't look into the matter, the offender gets to squat in J the whole flight.

cxn

I guess AA/CX are better at checking the printed manifest and checking everything esp on International J/F.

Kagehitokiri

>

agree


they have procedures, which social engineers can be aware of