Security flaws in airline boarding passes could allow would-be terrorists or smugglers to know if advance whether they would be subject to certain security measures, security researchers warn, and the flaw could even permit those persons to modify designated measures, according to an article from the Washington Post.
The vulnerabilities center on the Transportation Security Administration’s pre-screening system – PreCheck – a paid-for program in which the screening process is expedited for travelers at the airport. Through PreCheck, laptops can remain in hand baggage, as can approved liquid containers, and belts and shoes can be kept on. However, passengers can still be subject to random conventional security screening, the article says.
However, it has recently been found that bar codes printed on all boarding passes – which travelers can obtain up to 24 hours before arriving at the airport – contain information on which security screening a passenger is set to receive, Washington Post reports.
An aviation blogger, John Butler, drew attention to it in a post late last week, the article says, and the blogger says he discovered that the information stored within those boarding pass bar codes is unencrypted and can be read by technically-minded travelers.
Smartphones and similar devices can check the bar codes to determine which screening the passenger would receive. This information is supported by a publicly available technical specification on the International Air Transport Association’s website, the Post reports.
The TSA has declined to comment on the reports.