An anonymous reader quotes a report from Help Net Security: Przemek Jaroszewski, the head of Poland’s Computer Emergency Response Team (CERT), says anyone can bypass the security of the automated entrances of airlines’ airport lounges by using a specially crafted mobile app that spoofs boarding pass QR codes. He created one for himself, and successfully tried it out on a number of European airports. Usually, to enter these lounges, travelers need to let the scanner at the entrance scan the QR code on their boarding pass, and the doors open automatically. Jaroszewski created an Android app that creates fake but acceptable QR codes. He says that aside from a valid flight number, the QR code doesn’t have to include correct information (traveller’s name, flight destination, etc.). According to WIRED, the U.S. Transportation Security Administration (TSA) and the International Air Transport Association (IATA) don’t consider this particular issue a problem that needs fixing. They said “any such boarding pass security flaw would be the airlines’ issue.” Here is an unlisted video of the hack in action.
Read more of this story at Slashdot.