SOAR Platform / Blog / How your Boarding Passes Can Pose Security Risks to your Privacy

How your Boarding Passes Can Pose Security Risks to your Privacy

After a flight, we often find ourselves with a now-useless boarding pass in our pocket, and naturally, throw it out the first chance we get. Unfortunately, we have some bad news for those of you that follow this habit: that boarding pass you quickly toss out in the airport trash contains a barcode that holds a lot of personal information about you and your trip. A well-versed hacker would be able to use that information to gain your personal details and potentially misuse them. Therefore, boarding passes can post security risks to your privacy.

What is a barcoded boarding pass?

A Bar-Coded Boarding Pass (BCBP) is the standard for printing and scanning customer boarding passes, and it is commonly used by more than 200 airline operators around the world. The 2-D barcode can be printed or sent to a smartphone, which is then scanned by airport authorities. As of 2010, all boarding passes are barcoded by law, ironically for additional security.

What information does a barcoded boarding pass contain?

The barcode on a boarding pass not only contains the information that is written on the pass itself; it also contains the customer’s frequent flier number and the record key for the flight that the customer took.

How is acquiring this information potentially harmful?

When this information is analyzed as small bits and pieces, it does not pose much of a risk. However, if an experienced hacker gets their hands on such data, they can subsequently use it to hack into the flier’s account and gain access into other personal accounts. Any hacker that knows what they are doing simply needs one entry point to maximum damage in a chain reaction. With the information taken from the barcode, a hacker can ultimately get access to the individuals:

  • Name
  • Phone number
  • Email address
  • Frequent flier number
  • Information about all future flights from that account
  • Linked access to email accounts
  • Linked access to card details or financial accounts
  • Ability to perform social engineering with the information available

While the information from a boarding pass and barcode is seemingly not dangerous at first glance, an experienced hacker looking to get access to other accounts can misuse it. The safest way to dispose of a boarding pass is to either shred it or tear the barcode into small pieces so it can’t be pieced back together.

Leave your comments