Apple Passbook App hack + social engineering = Free air travel

By  | 

A computer science student and now a security researcher in his late teens claims that he has found a way to fly for free in Europe using an Apple Passbook App hack he developed combined with the age old yet fruitful method of social engineering.

Anthony Hariton, who studies at the University of Crete in Greece, claims that he has developed an iPhone hack that allows him to travel across Europe for free through fake boarding passes created using just a computer and an iPhone.

The exact techniques used by the hacker won’t be known until he presents his findings at the Hack in the Box Security Conference (HITBSecConf) 2014 in Amsterdam through his presentation titled “Exploiting Passbook to Fly for Free”, but it seems that Hariton has managed to fly atleast once using the hack.

According to Hariton, the issue is with the ticket scanners right at the boarding area used before the passengers board the plane.

He said that anyone with the knowledge of the hack can board a flight from any of the airports in the European Union to a destination of their choice by creating a fake boarding pass with the hack he developed.

According to the vague details he provided, there is an issue with how the validity of the boarding passes is checked as the scanners didn’t have direct access to the airliner database. The only problem would arise if the hacker tries to board a plane that has been fully booked.

The fake boarding passes were created using a simple technique that used CSS and JavaScript within a web browser. Beyond the fake boarding pass, the security researcher said that those looking for free travel will be required to utilise a few social engineering skills as well and should have a good poker face.