Have a safe flight (hacking the boarding pass)
By now we should all be (more or less) aware that the internet can be a dangerous place and sharing personal information might not always be the best idea. However, it might not always be clear what the possible threats might be in a given situation or how much damage a hacker with malicious intent can do with very limited information. In this article I will talk about the Boarding Passes for Airlines and the information contained in them.
BCBP (bar-coded boarding pass) is the name of the standard used by more than 200 airlines. BCBP defines the 2-Dimensional (2D) bar code printed on a boarding pass or sent to a mobile phone for electronic boarding passes.
BCBP was part of the IATA Simplifying the Business program, which issued an industry mandate for all boarding passes to be barcoded.
At least once a week I come across someone’s Facebook or Instagram story, sharing their excitement about their trip to a foreign country. The photo usually includes the passport, boarding pass, and an airplane in the background. Let me explain why it is not the best idea to post such content…
Let’s take “Image 1” as our example for investigation. Although the name, destination, gate, and other information may not be visible on the photo, we can see the barcode present on the boarding pass.
The barcode on the boarding pass contains a wealth of information that can be scanned using a smartphone or barcode reader. This information can be used to access your details, such as your travel itinerary, seat information, and more!
If we do some expert-level cropping, we get a clearer image of the barcode for further analysis.
Great! Now that we have a well-readable barcode let’s see what information we can get out of it.
With a quick google search, we can find the right tool for the job.
In our case I will use the Free Online Barcode Reader by Inlite.
There are multiple different Barcode Types but by no means do you have to be a barcode expert to figure out which one you need to use. Just by visual analysis, we can see our barcode looks like PDF417.
Time to get some information!
Nice! We were able to successfully read the barcode and extract the information.
Barcode Analysis
M1ROE/BRIAN EIA4258 LHRLASBA BA275215F012A000 11 00Time to dive a little deeper to see what information the barcodes actually contain. For this I will break down the previously extracted information into smaller pieces.
- M1 — Format code ‘M’ and 1 leg on the boarding pass
- ROE/BRIAN — Passanger’s name
- EIA4258 — Booking Reference
- LHRLASBA — Flying from LHR (Heathrow) to LAS (Las Vegas) on BA (British Airways)
- BA275 — Flight Number
- 215 — The Julian Date (August 3rd)
- F — Frist class in our case (Y for Economy, J for Business)
- 12A — Seat Number
- 11 — Sequence number (11th to check in)
- 00 — Field Size of the airplane’s specific data message. 00 means there is not any.
Are you scared yet?
In this case, the boarding pass barcode only contains the minimum data fields as required by the IATA BCBP standard. The information can be more detailed for other boarding passes, for example even containing information about the frequent flyer number. Your frequent flyer number and loyalty program information is included on the boarding pass. This information can be used by hackers to access your rewards program account and steal your miles.
Lessons learned
The booking information and reference number combined with your first and last name are often sufficient for making changes to your itinerary. So if you want to avoid some prankster hacker canceling your flight ticket minutes before you board the plane, do not post the photo of your boarding pass on the internet. However, if you absolutely have to, make sure you obfuscate the sensitive information (including the barcode).
Happy Hacking!
