PreCheck "Hack" reached press (https://www.flyertalk.com/forum/checkpoints-borders-policy-debate/1400594-precheck-hack-reached-press.html)

Ari Oct 25, 2012 1:00 pm


Originally Posted by gobluetwo (Post 19563877)
Actually, I believe he said he wasn't sure if there was a boarding pass signature and whether or not his reverse-engineered boarding pass would, um, pass...

That's not what I read. The holier-than-thou post begins "I’m publishing this because I am seriously concerned with boarding pass security in the United States." Obviously, if someone is 'seriously' concerned about a security flaw, the proper course of action is to reach out to TSA and/or UA in private to bring it to their attention, not to alert the public with a bigger microphone than this blog so that it might be exploited. That's why I question his motives-- seems to me, he wanted to be a big shot and be the first to expose a security flaw in public (albeit a flaw which doesn't exist).

https://puckinflight.wordpress.com/2...-check-system/

The post continues:


What terrorists or really anyone can do is use a website to decode the barcode and get the flight information, put it into a text file, change the 1 to a 3, then use another website to re-encode it into a barcode. Finally, using a commercial photo-editing program or any program that can edit graphics replace the barcode in their boarding pass with the new one they created. Even more scary is that people can do this to change names. So if they have a fake ID they can use this method to make a valid boarding pass that matches their fake ID. The really scary part is this will get past both the TSA document checker, because the scanners the TSA use are just barcode decoders, they don’t check against the real time information. So the TSA document checker will not pick up on the alterations. This means, as long as they sub in 3 they can always use the Pre-Check line.
. . .
So, there are two problems here. First, is that the data on the barcode is not encrypted. This allows people to alter information on the front of the boarding pass. Second, is the more serious issue of the Pre-Check information not only out there but where it is also possible to edit the Pre-Check status and place it back on the boarding pass.
(emphasis added)

I didn't see any hedging there at all. I believe he might also be wrong that 1 is no PreCheck-- 0 is no PreCheck. I don't know (I try to hedge when I don't know something for sure), but I think 1 means SSSS. I think 0 = CLR, 1 = SSSS, and 3 = LLL.

And then, when he figures out he is wrong:

https://puckinflight.wordpress.com/2...security-flaw/

Notice that the title is "Update on the TSA Security Flaw," not "Oops, I didn't know what I was talking about". It is hardly an 'update' when the information is only new to the author.

* * *

Whether knowing one has a '3' in advance of arriving at the security checkpoint constitutes a security risk is a topic open for debate; what Colpuck did was post fiction as fact to sound an alarm that didn't need sounding. There was no need to attract attention to a 'secret' frequent fliers find very convenient; the only thing that could come of it is that it changes, and that would be a bad thing for us.

What people also fail to recognize is that at airports like ORD, contract employees scan boarding passes before the line to security. Anyone wanting to probe the system can just turn around and go home if he doesn't get 3 beeps from the contract employee-- it isn't like one is already in the TSA area past some 'point of no return' when one finds out about PreCheck for a given flight. This 'flaw' (if it is one at all) was evident to me when AA first split the line in ORD T3 during PreCheck's first month. (Somehow, I resisted the temptation to post it, perhaps because I knew nothing good could come of running my mouth-- they could have reacted by shoving PreCheck back into the elite line). So one could probe the system long before people knew how to decode the barcode.

I take no pleasure in attacking my fellow FT'ers, but this poster's conduct is beyond irksome and requires calling out.

tusphotog Oct 25, 2012 6:27 pm


Originally Posted by Upgraded! (Post 19557430)
Modifications, perhaps (like a membership style program a la GE), but a total shutdown seems unlikely.

If they do a membership program like GE (and I'd gladly pay for that), they better have it rolled out across all airlines and at all the major and secondary airports.


Originally Posted by GUWonder (Post 19558124)
There is no general need for liquids, laptops and laces to be exposed in bins at airport screening checkpoints. PreCheck LLL-type screening should be the default screening method for passengers in general.

While I agree with you, I don't expect this to ever happen again. Too many people are scared by the thought of people bringing "bad things" onto planes. The TSA has done a fantastic job scaring people into thinking bottled water and shoes are dangerous instruments.

rdaven2003 Oct 26, 2012 9:22 am

The End of Pre-check?
 
Another article this morning about how terrorists can alter boarding passes to qualify for pre-check. Is this a TSA scam to end pre-check and increase their self worth?

http://news.yahoo.com/spoofed-boardi...231754237.html

sm82 Oct 26, 2012 9:28 am

The End of Pre-check?
 
I read it in cnnfn.com and thought the exact same thing. Great program, only if it works.

Palal Oct 26, 2012 9:32 am

http://www.flyertalk.com/forum/check...pre-check.html


Originally Posted by rdaven2003 (Post 19569603)
Another article this morning about how terrorists can alter boarding passes to qualify for pre-check. Is this a TSA scam to end pre-check and increase their self worth?

http://news.yahoo.com/spoofed-boardi...231754237.html

Well, it would not depend on the barcode, but rather on what's in the database on the backend.

etrnjanin Oct 26, 2012 9:32 am

Why would the TSA want to end its own program?

http://www.tsa.gov/tsa-pre%E2%9C%93%E2%84%A2

Penbank Oct 26, 2012 9:48 am

Pre does not mean no checks. It's supposed to be a shorter line and keeping shoes on. You can already keep shoes on if you are elderly and don't need to be Pre.

Ocn Vw 1K Oct 26, 2012 9:49 am

As this concerns travel security, please follow it as it moves to the Practical Travel Safety Issues forum. Ocn Vw 1K, Moderator, TravelBuzz.

mapoptic Oct 26, 2012 9:53 am

It shouldn't matter that the 1 or 3 referenced in the article above is in the clear. The barcode is digitally signed to prevent alteration. So long as the certificate(s) used to do the signatures remains secure, any alteration like that described in the article would mean that the barcode would fail the sig check. Happened to me when my barcode was smudged and misread.
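
[Added example, not part of any post in this thread and not airline or TSA code: a sketch of why a cleartext status digit is harmless when the checker verifies a signature over the payload, and of the backend comparison mentioned earlier in the thread. The payload layout, key, record locator and backend table are constructed, and HMAC-SHA256 stands in for the asymmetric signature the post describes so that it runs on the Python standard library alone.]

```python
import hashlib
import hmac

# Constructed demo key. A real issuer would sign with a private key and
# scanners would hold only the public half; HMAC is a stand-in here.
ISSUER_KEY = b"constructed-demo-key"

# Hypothetical backend table: record locator -> status held by the issuer.
BACKEND = {"ABC123": "1"}


def _tag(body):
    return hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()


def issue(name, locator, status):
    """Build a constructed payload and append a tag covering every field."""
    body = f"{name}|{locator}|{status}"
    return f"{body}|{_tag(body)}"


def decode_only(payload):
    """Checker that only decodes: reads the status field, verifies nothing."""
    return payload.split("|")[2]


def check(payload, backend=None):
    """Return (accepted, detail); fields are trusted only after the tag verifies."""
    try:
        name, locator, status, tag = payload.split("|")
    except ValueError:
        return False, "malformed"
    expected = _tag(f"{name}|{locator}|{status}")
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False, "signature mismatch"
    # Optional second control: compare against the issuer's own record.
    if backend is not None and backend.get(locator) != status:
        return False, "backend mismatch"
    return True, status


def demo():
    genuine = issue("DOE/JOHN", "ABC123", "1")
    name, locator, _, tag = genuine.split("|")
    altered = "|".join([name, locator, "3", tag])  # digit edited, tag unchanged
    return {
        "decode_only_altered": decode_only(altered),
        "verify_genuine": check(genuine),
        "verify_altered": check(altered),
        "signed_but_backend_differs": check(issue("DOE/JOHN", "ABC123", "3"), BACKEND),
    }
```
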

Ari Oct 26, 2012 11:14 am

Another idiot news outlet takes Colpuck's word as the gospel truth. :rolleyes:

Upgraded! Oct 26, 2012 11:56 am


Originally Posted by tusphotog (Post 19566216)
If they do a membership program like GE (and I'd gladly pay for that), they better have it rolled out across all airlines and at all the major and secondary airports.

That would/should be the beauty of it: scan an ID and you're good to go. I would imagine it's much easier to get this right if it's an ID issued by TSA, scanned by a TSA scanner and no interface with the airlines is required.

Ari Oct 26, 2012 4:13 pm


Originally Posted by Upgraded! (Post 19570667)
That would/should be the beauty of it: scan an ID and you're good to go. I would imagine it's much easier to get this right if it's an ID issued by TSA, scanned by a TSA scanner and no interface with the airlines is required.

But they want access to PNR data before giving out PreCheck on a given flight . . . though they don't require this of military.

gfunkdave Oct 28, 2012 4:48 pm

I have spent a good 15 minutes looking around for these mysterious websites that can decode barcodes, and not found anything but this one, which doesn't work on any barcode image file I give it.

I have seen many breathless articles about the Grave Threat To Our Security posed by being able to know ahead of time whether I'll be groped and scanned.

How can I decode a barcode, either on a website or with my phone? None of the barcode scanner apps for iOS seems to read boarding pass barcodes.

steve65341 Oct 28, 2012 5:40 pm


Originally Posted by gfunkdave (Post 19582301)
I have spent a good 15 minutes looking around for these mysterious websites that can decode barcodes, and not found anything but this one, which doesn't work on any barcode image file I give it.

I have seen many breathless articles about the Grave Threat To Our Security posed by being able to know ahead of time whether I'll be groped and scanned.

How can I decode a barcode, either on a website or with my phone? None of the barcode scanner apps for iOS seems to read boarding pass barcodes.

I downloaded one for iphone that simply shows up as "scanner" and it works well. FWIW the boarding pass barcode is in PDF 417 format so finding one that supports it will work.

gfunkdave Oct 28, 2012 6:06 pm


Originally Posted by steve65341 (Post 19582561)
I downloaded one for iphone that simply shows up as "scanner" and it works well. FWIW the boarding pass barcode is in PDF 417 format so finding one that supports it will work.

Ah, the missing link. Thanks! I just searched the app store for "pdf 417". Only one app showed up, but it seems to work. Thanks again! ^


All times are GMT -6.