Thursday, October 8, 2015

Are you shredding your used boarding passes?

This week I found out that we should be shredding our airline boarding passes after using them, based on the myriad of details easily gleaned from the data on the pass and in the bar code.

For example, if you take a snapshot of your boarding pass and upload that image to your FaceBook page, anyone with access to your page can take a screen shot of the image and then upload it to a web site called Inlite that reads bar codes. Inlite decodes and spits out the contents of the bar code.

As it turns out, the boarding pass contains lots of information about you and your trip, as well as your frequent flier number (FFN). For airlines that allow you to log in to their web sites using your FFN as your user name, that is exactly one half of the credentials needed to log in as you—unless, of course, the login requires multi-factor authentication.

With your login name in hand, cracking your password and logging in as you is not hard for hackers to do, especially if the secret question used to unlock your account is your mother's maiden name.

This is a fascinating story. For details, see Brian Krebs' article What's in a Boarding Pass Barcode? A Lot.

No comments:

Post a Comment