How your Boarding Passes Can Pose Serious Security Risks to your Privacy
After a flight, we often find ourselves with a now useless boarding pass in our pocket, and naturally throw it out the first chance we get. Unfortunately, we have some bad news for those of you who follow this habit. Those boarding passes you quickly toss into the airport trash carry a barcode that holds a lot of personal information about you and your trip. Someone who is well versed in hacking would be able to use that information to gain your personal details and potentially misuse them.
What is a barcoded boarding pass?
A Bar-Coded Boarding Pass (BCBP) is the standard for printing and scanning customer boarding passes, and it is commonly used by more than 200 airline operators around the world. The 2-D barcode can be printed on paper or can be sent to a smartphone, which is then scanned by the airport authorities to validate customers before they board a flight. As of 2010, all boarding passes have been required to be barcoded by law, ironically for additional security.
What information does a barcoded boarding pass contain?
The barcode on a boarding pass not only contains the information that is written on the pass itself; it also contains the customer’s frequent flier number and the record key for the flight that the customer took.
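To see how much of this sits in plain text, the following added example (not part of the original article) splits the fixed 60-character header of a decoded BCBP string into its fields and masks the sensitive ones. The field widths follow the published IATA BCBP layout, which is assumed here, and the sample pass is constructed.

```python
# Field widths of the 60-character mandatory header of a single-leg BCBP
# string, per the published IATA layout (assumed here; not from the article).
FIELDS = [
    ("format_code", 1), ("number_of_legs", 1), ("passenger_name", 20),
    ("eticket_indicator", 1), ("record_key", 7), ("from_airport", 3),
    ("to_airport", 3), ("carrier", 3), ("flight_number", 5),
    ("julian_date", 3), ("compartment", 1), ("seat", 4),
    ("checkin_sequence", 5), ("passenger_status", 1),
    ("conditional_size_hex", 2),
]
HEADER_LEN = sum(width for _, width in FIELDS)  # 60
SENSITIVE = {"passenger_name", "record_key"}


def parse_header(data):
    """Split the mandatory header into named, whitespace-trimmed fields."""
    if len(data) < HEADER_LEN or data[0] != "M":
        raise ValueError("not a BCBP string with a full mandatory header")
    fields, pos = {}, 0
    for name, width in FIELDS:
        fields[name] = data[pos:pos + width].strip()
        pos += width
    # Hex length of the conditional section, where optional items such as
    # the frequent flier number are carried.
    fields["conditional_length"] = int(fields.pop("conditional_size_hex"), 16)
    return fields


def redact(data):
    """Mask name, record key and the whole conditional section, keeping length."""
    parse_header(data)  # validate before masking
    out, pos = [], 0
    for name, width in FIELDS:
        chunk = data[pos:pos + width]
        out.append("X" * width if name in SENSITIVE else chunk)
        pos += width
    return "".join(out) + "X" * (len(data) - HEADER_LEN)


# Constructed sample (fictional passenger and record key).
SAMPLE = ("M1" + "DOE/JANE".ljust(20) + "E" + "XYZ789".ljust(7) + "YULFRA"
          + "AC".ljust(3) + "0834".ljust(5) + "326" + "J" + "001A"
          + "0025".ljust(5) + "1" + "00")

if __name__ == "__main__":
    print(parse_header(SAMPLE))
    print(redact(SAMPLE))
```

The name and record key are stored unencrypted at fixed offsets, which is why any barcode reader can recover them from a discarded pass.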
How is acquiring this information potentially harmful?
When this information is analyzed as small bits and pieces, it does not pose much of a risk. However, should an experienced hacker get their hands on such data, they can subsequently use it to hack into the account of the flier and gain access to other personal accounts as well. Any hacker who knows what they are doing simply needs one entry point to cause maximum damage in a chain reaction. With the information taken from the barcode, a hacker can ultimately get access to the individual's:
- Phone number
- Email address
- Frequent flier number
- Information about all future flights from that account
- Linked access to email accounts
- Linked access to card details or financial accounts
- Ability to perform social engineering with the information available
While the information that can be gained from a boarding pass and barcode is seemingly not dangerous at first glance, it can be misused by an experienced hacker looking to get access to other accounts. The safest way to dispose of a boarding pass (after flying) is to either shred it or at the very least tear the barcode section into small pieces so that they cannot be pieced back together.