Anthony Hariton, an 18 year-old computer science undergrad from the University of Crete in Greece has claimed to have developed a method to get free flights by creating a fake boarding pass for Apple’s Passbook.  Anthony who tweets under the handle of @DaKnObCS gave a sneak peek into the method which he intends to present at the Hack in the Box conference  which will be held on May 29  in Amsterdam.
Greek Hacker claims to have developed a method to get free flights by creating a fake boarding pass for Apple’s Passbook
Anthony said that the bypass he discovered, affects the the ticket scanners used before the passengers step onto the jetway to board a plane. As per Anthony anyone with knowledge of the bypass can board a plane from a European Union airport to a destination of their choice by creating a fake boarding pass within Apple’s Passbook App.

However the claim has not yet been verified by any competent authority either from the aviation side or from the security researcher side. Normally for boarding a plane, the boarding gate scanners should reconcile a passengers’ ticket with the airline’s departure database to ensure only legitimate passengers board.  But his claim has got some attention from the IATA who has neither dismissed the claim nor accepted it.  Its communications officer said, 

“Airports have scanners at the boarding gates (and many are implementing these prior to security checks) whereby the data scanned is matched against the airlines’ departure control system to reconcile the passengers on board the flights against those booked on the flight. In fact, following the introduction of bar coded boarding passes six years ago, airports have automated the reconciliation process of the boarding pass and the passenger list at the boarding gates.”

Once a system blackout is triggered, operators revert back to the old system of manual checks so IATA feels that any person with a fake tickets will be caught anyhow at the boarding gate.

Anthony has dismissed IATA’s assertion and added that the model used in all EU airports to check the validity of tickets was “malfunctioning” noting they lacked “direct access to the airliner database” The method developed by Anthony uses CSS and Java coding within a browser and, using an API, they can be transferred to Apple Passbook.

Anthony has not yet tested his research by using it to board a plane himself.  But he claims that it should work without any detection. Anthony says,  the only risk is that if a person uses this method to board a fully booked plane, he/she may be caught.

“Currently, if you get into a completely booked flight and you have no place to sit, it will obviously be detected,” Anthony concluded.

Resource : ITNEWS