December 13, 2006

Fly Under a False Name
Buenos Aires, Argentina

In the United States with a flight you can't use? Give it to a friend.

In keeping with typical Argentine culture, I've switched over into major night owl mode (going to sleep after 3:00am). What I haven't been doing, though, is going out (no night clubs, no bars). Perhaps this is part of the reason why I'm not clicking with anyone in my hostel.

With the free Internet access and nights to myself, I've taken a moment or two to visit Web sites I haven't seen since I left Phoenix. One of them is Bruce Schneier's blog on security. Schneier is very well known in the areas of information security and cryptography (creator of the Blowfish encryption algorithm).

I've always been interested in information security, and studied cryptography back in my undergraduate years. Before permanently donning my backpack, I often thought about changing gears into this field.

I mention all this because of a recent article published on his site/newsletter about electronic tickets in the United States. There is a flaw in the way the U.S. verifies passenger details that essentially allows anyone (terrorists, people on the no-fly list, etc.) to fly without issue. It basically boils down to a problem with how we pass through security with an electronic ticket and photo ID.

Abbreviated steps to getting on a plane:

  1. Buy a ticket online
  2. Print out the electronic ticket for boarding before your flight
  3. Present photo identification and boarding pass to airport security
  4. Present boarding pass to airline agent at gate
  5. Fly

What I, or most anyone else for that matter, can do is exploit the electronic ticket/security guard relationship. All it takes is a program like Photoshop, and about five minutes.

Let's say I've been banned from flying on Delta. In the following example, I'm going to fly using my friend Jane's ticket.

How to fly on someone else's ticket:

  1. Jane buys a Delta ticket online
  2. A few hours before the flight Jane checks into her flight via the Delta Web site, which displays a boarding pass for her to print
  3. The boarding pass is just an image file, and I simply Photoshop in my name for Jane's and print it out
  4. I give my driver's license and altered boarding pass to the guard at the x-ray/metal detector station (who simply checks to make sure the names on the two match), and pass through
  5. I put my ID away, give my altered boarding pass to the gate agent to be scanned, and board the plane

You see the problem? The TSA agents in the U.S. don't scan your boarding pass to verify its authenticity; they just assume the boarding pass was printed out from the Internet in an unaltered state.

This is how you can fly domestically in the United States on anyone's ticket, say goodbye to a loved one from the gate, or even remove the "SSSS" mark to avoid secondary screening.

The article is at http://www.schneier.com/crypto-gram-0611.html#8, which also mentions Christopher Soghoian, who made a program to do the name switch (and is in trouble), and why the airlines pushed for photo identification in the first place (revenue loss from ticket resellers).
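To show what closing the gap looks like, here is an added example (not from Schneier's article or any airline's system) in which the checkpoint authenticates the data encoded on the pass and compares the photo ID to that record rather than to the printed text. The HMAC scheme, field layout, key, names and flight number are all constructed assumptions for illustration.

```python
import hashlib
import hmac

# Constructed demo key (assumption); a real system would use managed keys
# or public-key signatures so checkpoints cannot issue passes themselves.
AIRLINE_KEY = b"constructed-demo-key"


def issue_pass(name, flight, date, selectee=False):
    """Airline side: serialize the fields and append an HMAC-SHA256 tag."""
    mark = "SSSS" if selectee else "-"
    payload = "|".join([name.upper(), flight, date, mark])
    tag = hmac.new(AIRLINE_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return payload + "|" + tag


def visual_only_check(printed_name, id_name):
    """The check described in the post: printed name against photo ID only."""
    return printed_name.upper() == id_name.upper()


def checkpoint_check(scanned, printed_name, id_name):
    """Checkpoint side: trust only authenticated data. Returns (admit, reason)."""
    payload, _, tag = scanned.rpartition("|")
    expected = hmac.new(AIRLINE_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return False, "encoded data failed authentication"
    name, _flight, _date, mark = payload.split("|")
    if name != id_name.upper():
        return False, "ID does not match the authenticated record"
    if name != printed_name.upper():
        return False, "printed name differs from the authenticated record"
    if mark == "SSSS":
        # The selectee flag comes from the record, not from the printout.
        return True, "admit, secondary screening required"
    return True, "admit"


if __name__ == "__main__":
    genuine = issue_pass("Jane Doe", "XX100", "2006-12-13")
    # Printout edited to another name: the visual check passes, the scan does not.
    print(visual_only_check("John Roe", "John Roe"))
    print(checkpoint_check(genuine, "John Roe", "John Roe"))
```

The printed page carries no weight in this design: editing the name or deleting the "SSSS" mark changes nothing the checkpoint relies on.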

Comments:

Matt

December 13th, 2006

Fantastic. Matt Sta, er, "John Fletcher" will be visiting you soon!

Edward

February 26th, 2009

… and if you're caught??

The United States

Jay

May 25th, 2011

Doesn't work in most airports anymore, as when you go through security, they scan the boarding pass and the name comes up on the display. They would see that the name is different than what is printed on the boarding pass.
