Got scanner & bar code generator? How to cheat Pre-Check! Maybe ...

Discussion in 'Aviation Passenger Security in the USA' started by Mike, Oct 22, 2012.

  1. Mike

    Mike Founding Member Coach

    Last I heard, our buddy Col P. Uck was busily engaged setting up housekeeping at Gitmo ...

    PuckInFlight: Security Flaws in the TSA Pre-Check System and the Boarding Pass Check System (Oct 19 2012)

    I'm publishing this because I am seriously concerned with boarding pass security in the United States. The way TSA Pre-Check works is the organizations that participate transmit travel information for passengers who opt-in to the program to the TSA. Then the TSA in a way that randomizes security determines if the passenger is or is not eligible for Pre-Check and sends that information back to the Airline. The Airline then encodes that information in a barcode that is on the boarding pass it issues. The problem is, the passenger and flight information encoded in barcode is not encrypted in any way ...
     
  2. Mike

    Mike Founding Member Coach

    Becky Akers @ LRC blog: ‘Intelligence-Driven,’ My Foot

    The TSA’s vaunted “PreCheck” has a problem. No, not its inherent economic fascism: only we wackos consider that a drawback. Rather, “security flaws in airline boarding passes could allow would-be terrorists or smugglers to know in advance whether they will be subject to certain security measures, and perhaps even permit them to modify the designated measures.”

    This has the cowardly all a-flutter. They overlook one salient fact, however: those “would-be terrorists” aren’t exactly lurking behind the potted plants on the concourse. Nope, they’re out in the open, wearing blue shirts and gloves, gate-raping passengers. We don’t need bar-codes and “security measures” for the chumps buying tickets: we need ‘em for the perverts and criminals the Feds sic on us.

    Meanwhile, the TSA has trotted out the same boilerplate it does whenever someone points out another of the numerous flaws in any of its crimes: “TSA Pre Check is only one part of our intelligence-driven, risk-based approach.”
     
  3. Mike

    Mike Founding Member Coach

    Becky Akers @ LRC blog: ‘Intelligence-Driven,’ My Foot

    The TSA’s vaunted “PreCheck” has a problem. No, not its inherent economic fascism: only we wackos consider that a drawback. Rather, “security flaws in airline boarding passes could allow would-be terrorists or smugglers to know in advance whether they will be subject to certain security measures, and perhaps even permit them to modify the designated measures.”

    This has the cowardly all a-flutter. They overlook one salient fact, however: those “would-be terrorists” aren’t exactly lurking behind the potted plants on the concourse. Nope, they’re out in the open, wearing blue shirts and gloves, gate-raping passengers. We don’t need bar-codes and “security measures” for the chumps buying tickets: we need ‘em for the perverts and criminals the Feds sic on us.

    Meanwhile, the TSA has trotted out the same boilerplate it does whenever someone points out another of the numerous flaws in any of its crimes: “TSA Pre Check is only one part of our intelligence-driven, risk-based approach.”
     
  4. N965VJ

    N965VJ Original Member

    Confirmation of ID to a TSA Trained Document Checker only protects airline revenue, nothing more. PreCheck just allows those that give up personal information to the government a way to bypass more onerous security theatre (and specifically NOT guaranteed).

    I give him a ^ for finding an undercooked layer in the Security Baklava, but this is not a threat. I don't care if someone has a fake ID or found a way to get some common-sense screening.
     
  5. Mike

    Mike Founding Member Coach

    BBC: Boarding pass barcodes 'can be read by smartphones'

    The barcodes reveal which airport checks a passenger will face and can be read by smartphones, he says. It could undermine the US's PreCheck system which randomly decides which frequent fliers can skip part of the pre-boarding security process. The codes could allow passengers to work out if they had been picked.​

    ...​

    The fact that passengers can use their handsets to find out if they have been picked poses a problem, says Christopher Soghoian, principal technologist at the American Civil Liberties Union. "The disclosure of this information means that bad guys are not going to be kept on their toes anymore," he said. The security issue was publicised by aviation blogger John Butler, but had been discussed in specialist online forums since last summer.​


    For those late to the party ...
    • Christopher Soghoian is the guy who created a web site to print boarding passes a few years ago & was raided by the FBI despite not having committed any crime
    • "Aviation blogger John Butler" is colpuck at that other place
     
  6. Mike

    Mike Founding Member Coach

  7. Mike

    Mike Founding Member Coach

  8. Fisher1949

    Fisher1949 Original Member Coach

    Didn't Bruce Schneier expose this a year ago? I recall an article where they reworked a used BP and went through security with a fraudulent version.

    Not really any different here, just a matter of reworking the bar or QR code using free software and printing it.
     
  9. FriendlySkies

    FriendlySkies Member

    They must not care that it is quite easy to print out a bunch of fake BPs (assuming they're not scanner) that would allow a bunch of evil-doers :rolleyes: to access the concourse...

    Takes about two mins and a copy of photoshop, etc...
     
  10. Mike

    Mike Founding Member Coach

    It's not as clearcut as every assumes. There were some characters colpuck couldn't identify in the bar code. Some of these could very well be a checksum that validates the rest. If you change other parts of the BP without updating the check characters, you might find yourself heading to a kiosk or check-in counter for a new BP, or perhaps they would direct you into a glass both for an hours of Smurf (expletive deleted) with America's dumbest apparatchiks.
     
  11. Mike

    Mike Founding Member Coach

    America Blog: TSA now giving tips to terrorists

    A security expert points out that the whole idea behind random screening is that the terrorists don’t know what to expect. Well, now they do!
     
  12. Mike

    Mike Founding Member Coach

    Now there are more & more articles about the security "threat" of providing oneself with security the way it ought to be. If anything, the appartachiks should wake up & realize that people are simply getting fed up with TSA's worthless 21+ layers of baklava and are willing to circumvent it.

    UK Daily Mail: Security alert over print at home plane tickets that can be altered to avoid US security checks

    Barcodes on airline boarding passes can be read using smartphones and altered to allow passengers through lighter security checks, an aviation security researcher has claimed ...With passengers able to print their boarding passes before they leave home, they can use barcode readers - which are available as smartphone apps - to see whether they have been selected.

    Aviation researcher? I remember him more as a bit of a party animal :D but whatever ...
    Other information stored on the barcode could be changed in exactly the same way, Mr Butler explains, including the passenger name and even the flight details.

    As I pointed out above, none of this addresses the check codes that are surely there, & colpuck himself admitted there were some characters whose purpose wasn't clear. When you want to transmit data digitally with any degree of reliability & integrity, you use check codes or checksums. Even seemingly simple things like an ISBN (International Standard Book Number) allocates one of its 10/13 characters as a check code.
     
  13. Mike

    Mike Founding Member Coach

    No! Say it's not true!

    Gizmodo: Boarding Passes Can Be Scanned By Smartphones to Reveal Planned Security Checks

    A security vulnerability in US domestic airline boarding passes means that travelers can scan the barcodes on their documents using a smartphone to reveals what kind of checks they are likely to face. The BBC is reporting that the barcodes are unencrypted and contain information about what airport checks a passenger will face. Theoretically that means a traveller could work out if they had been picked for pre-boarding checks or not, and smuggle unauthorized items on board a plane.

    Naked Security: Security scare after airline boarding passes reveal how passengers will be screened

    Bruce Schneier's head might explode.

    Has anyone checked to see if Bruce is OK? I'd hate for him to do a real, live replay of Scanners.

    The noted cryptographer and security Obi-Wan Kenobi has been a longtime critic of the US Transportation Security Administration (TSA) - accusing the agency of incompetence in the way it operates security screening at US airports. Now come reports that the agency has been tipping its hand to would be terrorists by disclosing what kind of security screening passengers who use the TSA's Pre Check program will receive up to 24 hours before their flight. The security lapse, first spotted by aviation bloggers, could give terrorists an easy way to slip through security check points with forbidden material without fear of getting caught.

    [​IMG]
    Please, boys & girls, don't let this happen to Bruce Schneier.​
     
  14. Mike

    Mike Founding Member Coach

    Just get rid of this "random" security bull:poop:. 60,000 two-digit IQ's hired off gas pump ads can't even follow a simple script. Let's just focus on providing an adequate security check to everyone.

    Smarter Travel: Security Threat Found in Boarding Passes

    Aiming to skip the long check-in counter lines, many airline passengers these days print their boarding passes ahead of time. Unfortunately, this technology could pose a security threat.

    Flyers who are part of the TSA's PreCheck program are eligible to get lighter and faster screenings at certain airports. This means they sometimes get perks like leaving their shoes on, keeing their 3-1-1 liquids inside carry-ons, and going through separate security lanes.

    One thing that helps the PreCheck program to work safely, is that PreCheck flyers are randomly selected to go through regular security checks, and the flyers do not know ahead of time if they will be able to pass through with only the lighter screening. Read more about the PreCheck program (including how to apply, here).

    However, new smartphone apps allow passengers to scan their pre-printed boarding passes up to 24 hours before a flight, and the barcode will reveal if the flyer has been selected for extra screening or not. Chris Soghoian, a security analyst at the American Civil Liberties Union tells USA Today why this is a problem: "If people can verify their PreCheck status at home 24 hours before the flight, the randomness is gone. The randomness needs to occur the moment you are in line, when it's too late to swap bags with your colleague or it's too late to throw something in the trash."
     
  15. Mike

    Mike Founding Member Coach

    The Blaze: What Security Vulnerability Has Been Revealed on Boarding Pass Barcodes?

    Frequent travelers were thrilled when the Transportation Security Administration rolled out its PreCheck Expedited Screening, which allowed them to leave shoes, belts on and other items on as they already have been pre-screened as safe travelers. Earlier this month a vulnerability was revealed with the new expedited screening though.

    On Oct. 19, John Butler on his blog Puckinflight started his post saying ” I am seriously concerned with boarding pass security in the United States.” He explained the flaw he found was in the barcode of his PreCheck passenger and flight information ID, which is printed on boarding passes. Using a website, he was able to decode this barcode and reveal that he was eligible for PreCheck for that flight, as well as other detailed info — all of which was unencrypted. To Butler, this means “terrorists or really anyone” could manipulate their own barcode, allowing them to go through PreCheck, and use a PhotoShop-like program to alter their ticket. He also said this flaw allows people to change their names as well.

    I love how these reporters keep glossing over the simple fact that Colpuck also pointed out that there were unidentified characters in the bar code that were probably check characters to prevent fraud.

    We can get information from the boarding passes, and I have no issue with that. "Random" security by an army of morons is nothing but bull:poop: anyway. But until/unless someone deciphers the algorithm that computes the check bytes, the boarding passes can't be forged.
     
  16. Mike

    Mike Founding Member Coach

    As Colpuck suspected and as any software engineer would expect, that the bar code contains check characters was confirmed in the WSJ's current Middle Seat column:

    TSA says it has multiple layers of security in place in case of forged boarding passes.

    [Dozens upons dozens of silly layers, yes we know.]

    If someone tried to change the coding to get PreCheck screening, different parts of the boarding pass wouldn't match and entry would be denied.

    [Well, duh, at least they tried to do something right. How secure it is I'm sure we'll soon find out. Probably not very.]
     
  17. Fisher1949

    Fisher1949 Original Member Coach

    That's good to know. Now we can change the rest of the BP so that they do match.

    Maybe telling everyone how to defeat the BP is one of the layers they talk about.
     
  18. RB

    RB Founding Member

    I'm not educated in the area of how checksums are created but it must be a mathematical formula. Given enough data I bet the method could be determined.
     
  19. Mike

    Mike Founding Member Coach

  20. RB

    RB Founding Member

    In the case of airline tickets would it be one algorithm for each airline or one across the industry. I guess they could have various combinations depending on time of day, day of week, month of year if they really wanted to harden the code.
     
Tags: pre-check

Share This Page