Flying on Someone Else's Airline Ticket
Slate has published a method for anyone to fly on anyone else’s ticket.
I wrote about this exact vulnerability a year and a half ago.
The vulnerability is obvious, but the general concepts are subtle. There are three things to authenticate: the identity of the traveler, the boarding pass, and the computer record. Think of them as three points on the triangle. Under the current system, the boarding pass is compared to the traveler’s identity document, and then the boarding pass is compared with the computer record. But because the identity document is never compared with the computer record—the third leg of the triangle—it’s possible to create two different boarding passes and have no one notice. That’s why the attack works.
Israel Torres • February 8, 2005 11:58 AM
Hell, once someone is inside the terminal nothing is stopping an attacker from waiting until the last passenger is boarded, then do a running sprint before the cabin door is closed and pretty much single-handedly coldcock the females standing in the way and gaining entrance to the cockpit if there is a door available. Then with all the flying experience fly the passenger jet up and out… it just takes one bad apple to poison thousands.
Sure post 9/11 it is likely that if there are passengers witnessing this encounter they may intercede in their favor, but with the counter being sleeper agents that can choke access points for enough time for the rogue pilot to hijack the airliner there is no guarantee that the common man can stop the attackers intentions from occurring.
No need for a duped ticket, duped identity, concealed weapons… just lots of patience, a few buddies and a simple strategy to implement their will.
Israel Torres