Fun with Boarding Passes


Christopher Soghoian is a Ph.D student in the School of Informatics at Indiana University. His courses this semester range from “Cryptographic Protocols” to “Social Informatics of Security.”

When Christopher is not pursuing his education in the ways of electronic privacy and security, or securing dirt cheap “mistake” fares on FlyerTalk, he seems to have the most fun playing with the TSA.

You can read about his various exploits at his blog.

I say “playing” because you get the impression that Christopher feels that is what the TSA Is doing with its responsibility to airport security — playing with very inadequate tools and laughable procedures.

To prove his point, Christopher has now posted a “Fake Northwest Airlines Boarding Pass Generator.” Yes, that’s right. Just fill in the blanks and you’ll have your very own.

He also explains quite clearly two ways to get into secure airport areas using fake boarding passes. Take your pick.

As for the fake Northwest boarding pass, I’m not sure that Northwest will not try to have him remove this because it does have their logo on it — but the fact remains that all he has done is gone public with what we know is already being done anyway.

Then again, as someone on an airline email list I belong to commented — all one really has to do is make a copy of a real life boarding pass, save it into Word, or even better a full-blown design program such as Quark or Illustrator, and then make changes to flight numbers after the fact.

This method would certainly work if you wanted to walk onboard with one pass, and “upgrade” yourself into business class, for example.

Although, I have a question for the airline operations geeks out there. Wouldn’t a fake upgrade be easily detected when the passenger count per cabin was taken onboard?

As I have written in PBB before, because the TSA does not use bar code readers to scan passenger boarding passes when a passenger enters the screening areas in concourses — the whole idea of “checking IDs” before one is screened is ridiculously useless.

And Christopher is all too happy to help make that point.