Free Travel by Hacking Your iPhone

Anthony Hariton, a computer science student in Greece, plans to give a lecture at a conference in May on how he managed to generate fake boarding passes with his iPhone. (HT to Slashdot)

On the surface it doesn’t seem too difficult. Not that I know how it works from a technical perspective, but I’ve already shown that some information on a boarding pass barcode can be decoded to estimate your success getting access to the TSA’s PreCheck line. It stands to reason that one could figure out other relevant information required to generate your own barcode entirely from scratch.

But that only gets you past security. At the gate, your boarding pass information is supposed to be reconciled with the flight manifest. Flight attendants will do this with paper copies if they have to, but normally they scan the boarding pass and a computer checks it automatically. This is why the machine will sometimes create an error message if it notices two customers have the same assigned seat or if an upgrade has been processed while the customer still has the old boarding pass.

Mr. Hariton seems to think he’s found a way around this reconciliation process and won’t share the details yet. But I found it interesting enough to share. Maybe someone who reads this blog knows more about it than I do.

And obviously, actually using a fake boarding pass is a really bad idea if you’re at all worried about getting in trouble with the airline and a host of government agencies. There’s a particular risk that you pick a seat assigned to someone else and you’ll get found out. But I’ve been on enough international flights with half-empty first and business class cabins that it would be fun to consider the possibility.

Fly Business Class from Seattle to Europe for under $1,500
Is Uber's Surge Pricing Model Fair?

Scott created Travel Codex after learning how to travel better on a budget during grad school. He now flies over 150,000 miles every year.
Email // Twitter // Facebook // Google+ // Subscribe by RSS

  • Bandolrose

    This seems like a crazy idea and ripe for being utilized for terrorist purposes, what possible value could this post provide to the readers of this blog?

    • Scottrick

      Maybe others will find it an interesting story and will want to read more about it. I don’t expect everyone to benefit from everything I write.

      If you want to talk about value-less content, I could point you to an issue of TV Guide, but then there are others who probably find “Real Housewives” more interesting and applicable to their lives than I do.

      • jennifersoars

        I, for one, find it interesting as well! I think it has value insofar as it is an intellectually intriguing proposition, and that’s precisely why I prefer your voice to most others in the miles and points world, Scottrick.

        • Pete

          I agree with you, up until the last paragraph:
          “And obviously, actually using a fake boarding pass is a really bad idea if you’re at all worried about getting in trouble with the airline and a host of government agencies. There’s a particular risk that you pick a seat assigned to someone else and you’ll get found out. But I’ve been on enough international flights with half-empty first and business class cabins that it would be fun to consider the possibility.” Here it goes from intellectual curiosity to “fun to consider the possibility” of actually trying this. As someone pointed out, that would be stealing, and if the last paragraph had read: “actually using a fake boarding pass is illegal and is not a good idea by any stretch of the imagination” I think this would have been a reasonable post. Now, not so much.

          • Scottrick

            I have an inquisitive mind and like to consider what’s possible separately from what I might actually do. I never encouraged anyone to falsify their boarding pass, and I certainly didn’t provide instructions on how to do so. I only said someone was talking about and it’s an interesting idea insofar as it considers the limitations of current technology (if any, since the student still hasn’t proved anything publicly).

      • Mike

        Response was not classy at all. Thumbs down

        • Scottrick

          Neither was the question. I don’t censor readers or myself.

          • Jared

            I have to say I appreciate the lack of censorship on comments. Many bloggers on BA seem to hold back any reasonably critical comment.

            Also, if you want to talk about value-less content all you have to do is read points and pixie dust. More than 50% of the content on that blog has nothing to do with travel. In fact, the author of that blog admitted her blog is not actually a travel blog. Somehow she is still a part of the BoardingArea network.

          • Stephanie

            Your criticism is selfish and too harsh, Jared.

            I don’t think Points & Pixie Dust is value-less at all. You’re probably not in the perfect audience for that blog, which is why you don’t think it’s useful. However, for people who ARE in that audience (I’m thinking it includes young adults, women, and people interested in reading a travel *and* lifestyle-centered blog), it’s got great content. I love the mix of stories and information that the author provides; it’s fresh. As a 26 year old woman, I appreciate her beauty and clothing posts, alongside her travel tips. As long as her posts are relevant to someone, her blog is not value-less at all.

            Malta Points posts pretty much only about travel related to Malta. I have no interest in that content since it doesn’t pertain to me (I’m half a world away and have no plans to visit), but that doesn’t mean that blog is value-less. I’m sure it’s useful to several people out there.

          • Scottrick

            While I try to avoid censoring people, I do ask that you try to keep it on topic. ;) This post isn’t about who has the best blog.

          • Jared

            Its not so much about the best blog, its about whether a blog is appropriate at all. What are the standards for joining BoardingArea? It seems like there are tons of blogs that have been added to the network lately that make no effort at all to post original or interesting content. These blogs are bringing down the rest of the good blogs on BoardingArea. Does Randy care about the quality of the blogs or does he just care about how many hits they get?

          • Scottrick

            I can tell you that Kendra’s contributions to BoardingArea are appreciated. I can also tell you that BoardingArea is always considering new ideas, and I think you will like some of the new developments. This may or may not provide you with some additional answers:

            http://milepoint.com/forums/threads/boardingarea-opens-call-to-host-new-blogs.84945/

          • Jared

            Boarding Area by its own definition is a collection of travel blogs. Kendra herself has admitted her blog is not about travel it is about whatever she likes. Therefore her blog does not belong on Boarding Area. Its as simple as that.

          • CF

            There’s value in feedback, but simply passing judgment without adding value wastes everyone’s time. I have no idea if it’s the same person, but sounds a lot like another “Jared” who posted a judgmental rant on another BA blog b/c the particular content didn’t pertain to him (I assume it’s a him). Might want to lighten up, dude. If a blog doesn’t suit you perhaps you just move on and find things to do in life that suit you better?

            http://heelsfirsttravel.boardingarea.com/2014/02/01/airline-amenity-kit-made-miss/

    • mike

      aww that’s cute you think terrorists actually couldn’t get in now.

  • DaveZ

    I, too, think this is a crazy idea… but it is also very interesting… and thanks for posting… I like to see anything that can affect the way I travel. If there is an exploit like this, it is important to bring it to the light of day. I’m sure there will be more than one airline IT programmer at that conference. Now if anyone is crazy (or stupid) enough to try it… enjoy your stay at Hotel Interpol, where there are no complimentary suite upgrades, but the Double Dip promotion never expires.

  • MarkD

    I’d use it for lounge access…

    • Scottrick

      There are probably easier ways, including buying and refunding full-fare or award tickets. Another thing that may get you in trouble if you do it too often.

      • Pete

        Scott, maybe you should ponder for a little while where you “draw the line”, and then post something about it, so that readers like myself can determine whether we should be reading your blog

        • Rusty Longwood

          Eh, I’d read a blog about someone doing illegal or immoral things.

  • DWT

    I would love to see someone try this on an international flight when he arrives at immigration without having been on the flight manifest that was already electronically transmitted to the destination country

    • Scottrick

      Good point, I hadn’t thought about security controls after departure.

  • Jessica

    I believe they call this theft.

    • Scottrick

      I think theft charges would be the least of one’s concerns for anyone who was caught doing this.

      • FL_FF

        You mean, because anyone doing this would have no morals to begin with, I presume?

        • Scottrick

          Lack of one moral — the decision to steal — does not imply the lack of other morals.

          • Jessica

            Actually, the decision to steal does show lack of several morals such as honesty, integrity, generosity, respecting others, showing self-control, being fair, abiding by the law, being cooperative, being accountable, having empathy, having patience…

            And frankly, I’m not so sure I will be reading this blog after several of your comments regarding this issue.

          • Scottrick

            But not no morals to begin with. I respect your decision to choose what you read, as I hope you respect my decision to respond calmly to others’ criticism.

    • Rusty Longwood

      Fraud more likely

  • Greg

    Back in the early 2000s when online boarding passes were first introduced they were ridiculously easy to spoof. Just needed photoshop or powerpoint to change things and a lack of barcode readers at many stations made them ripe for it.

    But the penalties are justifiably very high for doing this, thus never widely attempted.

  • Bart

    Negative credibility points. Sorry. Reeks of childish shenanigans.

  • Brian

    Thanks for posting this Scott. I appreciate the diversity in your postings. I’ve read enough about CVS and new Amex cards from everyone else all week, so I’m happy you post other stuff to talk about. Clearly not everyone likes it, and for some reason they cant distinguish between being interested in the concept and being interested in actually doing this. It is a very interesting idea and I give you kudos for posting about it. Cheers!

    • Reply

      Wait, who cannot distinguish those things?

      “But I’ve been on enough international flights with half-empty first and business class cabins that it would be fun to consider the possibility.”

      • Scottrick

        “Consider” and “act on” have different meanings. Consider means to think carefully about something, as we are doing here.

        • Duck

          You sound rather dumb now. You might consider the idea, perhaps, because it involves an interesting puzzle. If you consider it because of all the empty seats on international flights, you are considering it because you may act on it – because you think you can get away with it (see your point on the double seating risk).

          • Scottrick

            No, I think it’s fun because I know there are lots of empty seats up front and I would like to do more travel in first class, though I explain why it would be a bad idea to act on it in practice.

            It’s like watching a film about James Bond and thinking it would be fun to drink a dozen martinis before I go out to shoot a bunch of bad guys and drive away in an Aston Martin with a super model. I probably will never do any of those things — even drinking a dozen martinis. Daydreaming is a replacement for those things we know we can’t or shouldn’t do in real life.

          • duck

            Ok – so you’re not interested in it from an intellectual, “let’s solve the puzzle of the information in the barcode” perspective, correct? You’re interested in it from the “oh, if only this weren’t illegal, I could fly first class all the time” perspective. That’s disappointing from a biology PhD.

  • Sarah C

    its posts like these that keep you on my read list. I appreciate your work. I love reading about stuff like this because I like to know how things work. I work in the tech field and knowing how to hack is one of the best ways to prevent from being hacked yourself… Keep hacking!

  • http://www.beatstockpromoters.com/ beatstockpromotersdotcom

    Homeland Security is gonna be at your door lol

  • Darth Chocolate

    Sounds like a great idea!

    If you want a one way ticket to the NO-FLY list. Then try getting off of it.

  • FishMN

    Scott, you have always been your own brand of travel hack blogger. Keep posting these unusual, offbeat, and challenging-the-norm posts. I like how you keep mixing things up. Let people looking for “me too” posts gravitate to blogs that satisfy that need.

  • Cashville Skyline

    Eek! Thanks so sharing, but I’d be way to scared to try something like this.