App Exploit Could Allow Hackers Free Flights

This post is also available in: עברית (Hebrew)

A security student has discovered a method to fly for free across Europe by generating fake boarding documents designed for Apple’s Passbook app

8160272_m featureA 18 year-old security student, Anthony Hariton from the University of Crete in Greece, has announced that he will present next month a technological trick to fly for free across Europe by generating fake boarding documents designed for Apple’s Passbook app.

According to Security Affairs Passbook is a Popular App designed by Apple iOS that allows users to store boarding passes, and much more like event tickets and coupons, Hariton will make his presentation at the next Hack in the Box conference on May 29th in Amsterdam.

Hariton revealed to have discovered a way to deceive the ticket scanners used in the airport to authorize boarding operations just before passengers step onto the aircraft.

iHLS – Israel Homeland Security

offshore_650x90

The young student using CSS and specially designed JavaScript is able to create the boarding passes within a web browser, the generated tickets could be passed to the Apple Passbook with common API available to the development community to design software able to manage the pass tickets and interact with Passbook.

In any airport boarding personnel use gate scanners to associate passengers’ ticket with the airline’s departure database, a check used that only legitimate passengers can fly with a specific aircraft.

The discovery made by Hariton is really alarming, anyone with knowledge of the bypass can take a plane from any airport located in the European Union and fly to a destination of their choice simply creating a bogus boarding pass within Apple’s Passbook app.