Hackers creating fake boarding passes

Published: May. 24, 2011 at 12:24 AM MST|Updated: Mar. 2, 2018 at 4:19 PM MST
Email This Link
Share on Pinterest
Share on LinkedIn

Security hackers have discovered a potentially dangerous loophole in airline security.

You cannot board a plane without a boarding pass, but computer hackers have found a way around that.

Instead of the standard boarding passes, majority of all passengers are now coming to the airport armed with boarding passes they printed out on a computer at home.

It is an important document that gets them through TSA check-points, and on board a plane.  Using a simple Photoshop program, security hackers have figured out a way to mess with the document, and fool security.

By downloading the airline boarding pass into a .PDF file, they import into the Photoshop program, the hacker is able to change the name on the boarding pass to their own.

Then, all they need is an ID and the fake boarding pass, and they're airborne.

The paper boarding passes do have a bar code on them that is scanned at the second check-point by an airline agent, right before you board the plane.  But, they do not check your ID and match it with the name that comes up on their computer.

At the first check point, a TSA agent does check your ID and your boarding pass to match the names, but they do not scan the bar code, so there's no way for them to tell if the boarding pass was actually issued in your name.

It is a problem TSA officials say they have been aware of for at least the last four years.

Every passenger sitting on board these planes has been through security. But how closely have they been screened?

"It's a little scary that anyone can do it," said frequent flyer Patrick Green.

Despite TSA's acknowledgement that boarding pass generating programs do exist, Green expressed concern.

"You can still do it.  Nobody's made any changes for it."

A Memphis woman recently made it through the TSA security check-point after accidentally grabbing her husband's boarding pass.  A TSA official apparently missed the fact that the woman's boarding pass had the name "Edward" printed on it.

They blamed it on a lax agent, who was disciplined.

Frequent flyer Don Stidham said the solutions seemed simple, and wondered why TSA had not changed the way they operated.

"Something needs to be done on the front-end computer side where this is being done to block this. There has to be more screening when people print these boarding passes and do something they shouldn't do," said Stidham.

Simple solutions would include locking the data, like banks do, preventing .PDF files from being altered once they are issued from the airline.  Just like you cannot download banking documents into a .PDF file and download them into another program, some experts suggest doing the same with airline boarding passes that you print out.

Another solution would be to add a scanner to the first security checkpoint that is in sync with the "No Fly" list.

Why hasn't this been done? Critics say the cost would run in the billions.

In 2008, TSA acknowledged the problem on a blog stating: "We're not naive enough to say the system is foolproof. We've seen the 'boarding pass generator' web sites and know how to use Photoshop.  The broader point is accurate, we could be better on this issue. Some months ago, a team of people at TSA went to work on it."

Frequent flyers like Don Stidham want the peace of mind, but he also hopes that increased security doesn't come at the cost of the convenience, of being able to print his boarding pass at home.

"You hate to have a few rotten apples screw it up for everybody else," said Stidham.

TSA requested bids last month, to purchase a computer system to identify fake IDs and board passes.

Instead of boarding passes like this.. Most of us are printing them at home .. it's a very important piece of paper.. But using Photoshop hackers have figured out a way to mess with this document.. and fool security.

TSA officials have known about this for years.. But the questions is.. Have they actually done anything about it?