Forge Your Own Boarding Pass

Last week Christopher Soghoian created a Fake Boarding Pass Generator website, allowing anyone to create a fake Northwest Airlines boarding pass: any name, airport, date, flight. This action got him visited by the FBI, who later came back, smashed open his front door, and seized his computers and other belongings. It resulted in calls for his arrest -- the most visible by Rep. Edward Markey (D-Massachusetts) -- who has since recanted. And it's gotten him more publicity than he ever dreamed of.

All for demonstrating a known and obvious vulnerability in airport security involving boarding passes and IDs.

This vulnerability is nothing new. There was an article on CSOonline from February 2006. There was an article on Slate from February 2005. Sen. Chuck Schumer spoke about it as well. I wrote about it in the August 2003 issue of Crypto-Gram. It's possible I was the first person to publish it, but I certainly wasn't the first person to think of it.

It's kind of obvious, really. If you can make a fake boarding pass, you can get through airport security with it. Big deal; we know.

You can also use a fake boarding pass to fly on someone else's ticket. The trick is to have two boarding passes: one legitimate, in the name the reservation is under, and another phony one that matches the name on your photo ID. Use the fake boarding pass in your name to get through airport security, and the real ticket in someone else's name to board the plane.

This means that a terrorist on the no-fly list can get on a plane: He buys a ticket in someone else's name, perhaps using a stolen credit card, and uses his own photo ID and a fake ticket to get through airport security. Since the ticket is in an innocent's name, it won't raise a flag on the no-fly list.

You can also use a fake boarding pass instead of your real one if you have the "SSSS" mark and want to avoid secondary screening, or if you don't have a ticket but want to get into the gate area.

Historically, forging a boarding pass was difficult. It required special paper and equipment. But since Alaska Airlines started the trend in 1999, most airlines now allow you to print your boarding pass using your home computer and bring it with you to the airport. This program was temporarily suspended after 9/11, but was quickly brought back because of pressure from the airlines. People who print the boarding passes at home can go directly to airport security, and that means fewer airline agents are required.

Airline websites generate boarding passes as graphics files, which means anyone with a little bit of skill can modify them in a program like Photoshop. All Soghoian's website did was automate the process with a single airline's boarding passes.

Soghoian claims that he wanted to demonstrate the vulnerability. You could argue that he went about it in a stupid way, but I don't think what he did is substantively worse than what I wrote in 2003. Or what Schumer described in 2005. Why is it that the person who demonstrates the vulnerability is vilified while the person who describes it is ignored? Or, even worse, the organization that causes it is ignored? Why are we shooting the messenger instead of discussing the problem?

As I wrote in 2005: "The vulnerability is obvious, but the general concepts are subtle. There are three things to authenticate: the identity of the traveler, the boarding pass and the computer record. Think of them as three points on the triangle. Under the current system, the boarding pass is compared to the traveler's identity document, and then the boarding pass is compared with the computer record. But because the identity document is never compared with the computer record -- the third leg of the triangle -- it's possible to create two different boarding passes and have no one notice. That's why the attack works."

The way to fix it is equally obvious: Verify the accuracy of the boarding passes at the security checkpoints. If passengers had to scan their boarding passes as they went through screening, the computer could verify that the boarding pass already matched to the photo ID also matched the data in the computer. Close the authentication triangle and the vulnerability disappears.

But before we start spending time and money and Transportation Security Administration agents, let's be honest with ourselves: The photo ID requirement is no more than security theater. Its only security purpose is to check names against the no-fly list, which would still be a joke even if it weren't so easy to circumvent. Identification is not a useful security measure here.

Interestingly enough, while the photo ID requirement is presented as an antiterrorism security measure, it is really an airline-business security measure. It was first implemented after the explosion of TWA Flight 800 over the Atlantic in 1996. The government originally thought a terrorist bomb was responsible, but the explosion was later shown to be an accident.

Unlike every other airplane security measure -- including reinforcing cockpit doors, which could have prevented 9/11 -- the airlines didn't resist this one, because it solved a business problem: the resale of non-refundable tickets. Before the photo ID requirement, these tickets were regularly advertised in classified pages: "Round trip, New York to Los Angeles, 11/21-30, male, $100." Since the airlines never checked IDs, anyone of the correct gender could use the ticket. Airlines hated that, and tried repeatedly to shut that market down. In 1996, the airlines were finally able to solve that problem and blame it on the FAA and terrorism.

So business is why we have the photo ID requirement in the first place, and business is why it's so easy to circumvent it. Instead of going after someone who demonstrates an obvious flaw that is already public, let's focus on the organizations that are actually responsible for this security failure and have failed to do anything about it for all these years. Where's the TSA's response to all this?

The problem is real, and the Department of Homeland Security and TSA should either fix the security or scrap the system. What we've got now is the worst security system of all: one that annoys everyone who is innocent while failing to catch the guilty.

This essay -- my 30th for Wired.com -- appeared today.

EDITED TO ADD (11/4): More news and commentary.

EDITED TO ADD (1/10): Great essay by Matt Blaze.

Posted on November 2, 2006 at 6:21 AM • 55 Comments

Comments

Concerned CitizenNovember 2, 2006 6:46 AM

Thank you Mr. Schneier. I was waiting for your response to this. I feel we are supressing our right to discuss these problems openly.

AlanNovember 2, 2006 7:21 AM

Bruce,

I don't understand your conclusion in this essay at all. We've established that the TSA checks boarding passes simply to reduce the # of people going through security, so they don't have to check people who are not flying. We've also established that the ID check is to prevent the transfer of non-refundable tickets. So neither of these things, the boarding pass check at the security checkpoint, or the ID check have anything to do with security.

Then you go on to say we should blame the TSA for the security failure, and they should either fix the system or scrap it. But what security failure are you talking about? You also say "the threat is real", but again, what threat are you talking about, and how would fixing the alleged security failure address this threat?

I've always understood your point to be that we should scrap this system, because it does not and cannot provide increased security. So what do you mean then by fixing it?

Alan

Drew ThalerNovember 2, 2006 7:24 AM

Threeth. Yes, you are spot-on about the airlines causing both ends of the ID debacle.

With short-sighted and/or greedy airlines, and a government more concerned about the appearance of security than the real thing, our airline woes don't look like they're going to get any better any time soon.

If anyone reading this has an alternative to air travel that can compete with it on speed, now's the time to do it! We've got a seriously flawed product and no competition...

AntoninNovember 2, 2006 7:40 AM

Markey's updated statement, which says this, still bothers me:

> Subsequently I learned that the person responsible was a student at Indiana University, Christopher Soghoian, who intended no harm but, rather, intended to provide a public service by warning that this long-standing loophole could be easily exploited.

So, if he *had* intended harm, Markey would still ask for him to be arrested, even though he didn't actually break any laws (or do anything that anyone with 15 minutes and access to a tool like the GIMP couldn't have done on their own)? Maybe Markey should read up on a few things, like those called "free speech" and "thought crime"; it would behoove a congressman to know the meaning of these.

(And on a side note, the FBI can raid someone's house when that person isn't even there, leave the front door broken, and just put up a note saying, in essence, "we took your stuff"? That doesn't seem right to me, either.)

vwmNovember 2, 2006 8:04 AM

Last week I traveled from Germany via Paris to Washington DC and back with Air France. Each time during the boarding procedure my passport was compared to the boarding-pass just before the boarding-pass was scanned.

So while a fake boarding-pass might have gotten me through the airport security I do not think it would help me using someone else's ticket.

Matti KinnunenNovember 2, 2006 8:08 AM

@Drew

The alternative to flying is taking the train. Actually, trains are competitive with planes up to 500 km or so, when one counts time to city center to city center.

Trains are also safer for the climate. USA could fix both its industrial base and climate record by moving from car&plance to trains.

Just retool the car factories to build trains and track, use say 20% of the defence budget in building the tracks. That would give you employement, reduce pollution and also free you from dependency from foreign oil.

It is so simple, that only American can fail to see it.

afrNovember 2, 2006 8:15 AM

Bruce, you know it. We know it.

Now, could somebody please hijack a plane using a boarding pass in order to make TSA ban boarding passes on planes?

;-)

winsnomoreNovember 2, 2006 8:24 AM

@Matti

Only brilliant minds from europe will come up with such clean cogent arguments

Why not go one more step; for < 10Km. retool factories to make bicycles .. they are the best for env. and keep people fit ..

And for < 5Km ban bicycles and make people walk.

And oh .. make sure people print the proper pass to use the correct mode of transportation before they leave home ..

HulluNovember 2, 2006 8:27 AM

And for distances below 2km force people to run at gunpoint, no reason someone should walk such a short distance!

KellyNovember 2, 2006 8:30 AM

I think there is some confusion about the ID check. At the airports I've been through, the person that checks the boarding pass against your ID is not a TSA employee. They were not wearing TSA uniforms and I've even asked them to confirm this.

It's been mentioned that TSA now asks to see (only) your boarding pass as you go through the portal, but has anyone actually seen a TSA employee checking boarding passes against IDs? As Bruce says in the essay, the ID check is not really a security measure.

bobNovember 2, 2006 8:41 AM

@Drew Thaler: the alternative is air-taxi. Hire a small plane to fly you (and 1 or 2 others at the same price) directly from an airport much closer to your origin than a commercial terminal directly to an airport much closer to your destination than a commercial air terminal.

No lines. No TSA. Take a screwdriver and pocketknife on board with you. Leave and arrive on your schedule, not theirs. No layovers or hubs. And your luggage is 2 rows behind you, only way it can be lost is if YOU forget it.

ChrisNovember 2, 2006 8:41 AM

To my mind, the problem here isn't that there are real and obvious holes in the security system; that's merely a symptom of the problem. Rather, the real problem is the government's response to the public disclosure of well-known holes. Any security system that suppresses the knowledge of faults rather than embraces and rectifies them is doomed to failure. It's the Emperor Has No Clothes as writ by the TSA.

To be frank, anyone intending harm to the air traffic system has known about or figured out this problem years ago. It was immediately obvious to me the first time I got a boarding pass at the airport with SSSS on it after 9/11. An amateur like myself can recognize and devise an exploit of this problem in under 15 seconds; there's no security to be had here. If I was so inclined, I'm sure I could spend the 15 minutes it would take to forge my own boarding pass even without this guy's tool.

Obviously, the only fool-proof way to prevent this attack in the future is to ban all printers in private hands. And printing presses. Oh, and colored pens just in case someone can draw really well...

GregNovember 2, 2006 8:42 AM

@winsnomore
follow the kenyan model: for less than 20km, run. works for school kids and you get the odd olympic champion

Johnathon TiemanNovember 2, 2006 9:21 AM

I think a minor correction should be made to Bruce's article. The fake boarding passes don't technically get you "through security". This enables someone who has not bought an airline ticket to be processed by airport security, which proves even more that the FBI and Rep. Markey have no idea what Soghoian actually did (or even worse, demonstrates the power the airlines have if you cut into their profits). It's not like a terrorist can use this to get a bomb or knife or anything through security (I'm not saying they couldn't get it through, it's just this doesn't assist them, other than perhaps enabling them to try).

bobNovember 2, 2006 9:38 AM

@Matti Kinnunen:Most european trains (obviously some exceptions, like Thalys and Eurostar) are strictly in-country. And all european countries combined are about 1/2 the size of the US. Therefore distances are shorter. In the US, distances are greater, the infrastructure
would be much more expensive. And that gives you a whole new security vulnerability, as you would have to secure the entire length of track rather than the endpoints (airports). Witness Madrid, when Al-Quaida bought the election in Spain.

Also the train would have to be diesel (or a "modern" steam engine since the US has a LOT of coal) and even if we did use electricity, we would have to build either coal or nuclear power plants to provide the electricity.

(to see what a hypothetical modern steam locomotive would look like try: hxxp://paintshop.railfan.net/images/moldover/ace3000-4.html)

And that 20% of our defense budget you want us to scavenge; would that be the portion of the US defense budget that has been taken advantage of by europe for the last 50 years so the europeans dont have to use their own money to defend themselves?

AndrewNovember 2, 2006 10:12 AM

I am somehow not surprised that the FBI's reaction to the boarding pass Web site, demonstrating a widely known vulnerability in a fairly harmless way, is to RAID THE GUY'S HOUSE.

His "real" crime is making DHS look stupid and incompetent. They are stupid and incompetent, and they know it. Thus the raid.

This is intended to give us confidence in the nation's security how?

It would be far, far easier for a tango to simply EDIT THE HTML CODE of the typical boarding pass, at will, using no tool more complex than a text editor.

Matti KinnunenNovember 2, 2006 10:19 AM

Bob,

USA is rich enough to maintain the interstate highways. A rail system would be much cheaper to run and maintain.

Trains use quite insignificant amount of energy compared to cars or planes. No problem here.

About the US defence budget. At more than half a trillion dollars, it is cleary too large and not reallyt buying any security for the USA. About Europeans, well, we are very much capable of defending ourselves ourselves. Thanks.

I do not see any reason to secure the whole railsystem as long as killing 40000 by cars is OK.

gnomeNovember 2, 2006 10:35 AM

It's certainly obvious to me that the government should use every means at its disposal to intimidate, harrass, and threaten anyone who shows the man behind the TSA's woefully inadequate curtains, regardless of whether the law was actually broken. In this age of ever-increasing technological integration with this society, puffed up cowards with no brains or hearts, i.e. Senators and Representatives with no clue about technology or security, need to step down.

AnonymousNovember 2, 2006 10:49 AM

An amusing anectdote about the scanning of boarding passes by airlines and how they use all the information they collect.

I was standing behind a gentleman in line to board the aircraft when his boarding pass was scanned and rejected because "Passenger already boarded plane" (I could read the display on the boarding pass scanner). The gate attendant scanned the boarding pass a few more times getting the same result each time. They inspected the boarding pass and everything about it seemed ok. A few minutes later, they pulled another gentleman off the plane and compared his boarding pass to the one held by the man in front of me.

It turns out, the guy they pulled off the plane was booked on a flight to the same destination, only two hours later, in the same seat as the gentleman being rejected. So, as far as I could tell from observing the entire situation, the only thing this particular boarding pass scan checked for was is this seat occupied. No verification of flight #, destination, time, anything.

I think it just goes to show you how much information the airlines have, but how little they do with it.

AnonymousNovember 2, 2006 11:03 AM

"It's been mentioned that TSA now asks to see (only) your boarding pass as you go through the portal, but has anyone actually seen a TSA employee checking boarding passes against IDs? As Bruce says in the essay, the ID check is not really a security measure."

Um... While not as often as some, I do fly several times a year, and my boarding pass is always checked to my ID by a TSA official before the security checkpoint. Uniform and everything.

gregNovember 2, 2006 11:10 AM

Never been to the US and don't intend to change that. But when i fly international the boarding passes are checked agaist your passport at every checkpoint, including the last one just as you get on the plane. Also they have a magnetic strip.

Etickets are popular too, but thats just lets you get your boarding pass. You can't print them.

There is the other issue too. Disclosure. We know that securty via obseurity does not work. But the fact remains that everyone (who can fix it) ingnores the problem till its forced on them like this. What is going to happen with Diebold voting machines? When will ppl take its very serious security problems as a threat? Probably *after* someone provides such a tool to the public.......

Sorry about the spelling....

alskflhNovember 2, 2006 11:13 AM

@Matti:

Right now, in the U.S., trains are NOT competitive up to 500km (at least on the West Coast). A 5-hour delay on a 4-hour trip is not very uncommon of. There's no wonder lond-distance trains are marketed and perceived as roughly the equivalent of a ship cruise in Europe: It's slow, relatively expensive (when used on a regular basis), and you just do it for sightseeing and the fun of it. Not to actually get places on time.

The sad thing is if you see how even Los Angeles, one of the most car-centric cities these days, had once an extensive railway system:

http://en.wikipedia.org/wiki/Pacific_Electric

RvnPhnxNovember 2, 2006 11:26 AM

@Antonin
It is called a "Sneak and Peak" warrant--which is only supposed to be used in cases where:
--The suspect is a flight risk
--There is a chance that alerting the suspect to the search at the time of search would lead to the harm of innocent bystanders
--The suspect is a terrorist or involved in some [other] form of organized crime, whereby there would be a reasonable case that evidence would be destroyed if the warrant were served at the time of search
--The warrant is under FISA (which, as written, shouldn't be constitutional anyway), in which case we the people will never find out about the content of the warrant anyway (which is why FISA shouldn't be allowed).

So, unless the government could come up with a reasonable argument that this individual was:
--Intentionally aiding and abetting terrorism in the USA or
--Causing harm to and innocent bystander (if you truly think that the airlines are innocent)
then this individual's property should be returned and he should be issued an apology (publically).
(None of the above is likely to happen in our moronic government.)

tomhNovember 2, 2006 11:37 AM

The line "Sen. Chuck Schumer spoke about it as well" deserves to be amplified. By following your link (still live), one can see that Senator Schumer not only spoke about it, but continues to provide detailed, step-by-step "cookbook" instructions for exploiting this vulnerability, on a U.S. Government web site.

merkelcellNovember 2, 2006 11:49 AM

Yes, but with common sense what would the political hacks and gurus on the 24/7 news media have to scream about.

ZaphodNovember 2, 2006 12:04 PM

@Matti - you're doing a good job of presenting yourself as an idiot. Please don't bring politics into this blog.

Zaphod.

trainageNovember 2, 2006 12:12 PM

@bob re "modern" steam locomotive

The picture shows steam cylinders and pistons driving the wheels directly. Why?

So-called "diesel" locos are really diesel-electric. A diesel engine cranks a generator that powers electric motors to drive the wheels.

Given that most electricity generated today is by steam turbines driving generators, why not use steam to drive a turbine that generates electrical power for the locomotive?

It would be a lot more like the current diesel-electrics, so manufacturers could just replace the diesel unit, rather than the entire power and drive train.

What would be even better is if they designed a steam turbine that was the same physical size as the diesel-electric power plant, so railroads could drop it in to their current locos.

Bruce SchneierNovember 2, 2006 12:14 PM

"The line 'Sen. Chuck Schumer spoke about it as well' deserves to be amplified. By following your link (still live), one can see that Senator Schumer not only spoke about it, but continues to provide detailed, step-by-step 'cookbook' instructions for exploiting this vulnerability, on a U.S. Government web site."

I don't think that's a main point. The main point is that anyone with half an ounce of computer saavy has thought of it. It's that obvious.

HarroldNovember 2, 2006 12:26 PM

@Matti Kinnunen
"About Europeans, well, we are very much capable of defending ourselves ourselves."

You have two world wars that prove otherwise.

NicNovember 2, 2006 1:54 PM

@RvnPhnx
(None of the above is likely to happen in our moronic government.)

One thing our government is not (unfortunately) is moronic. Most of the erosion of civil liberties we have seen have been carefully planned and sold to the public who have largely welcomed them with cheers. If anyone is moronic, it is the public who have cheered the erosion of our rights. Once again this reminds me of Senator Amidala's line in Star Wars 3 "So this is how liberty dies... with thunderous applause."

ChrisNovember 2, 2006 2:13 PM

I agree with Alan and vwm that Bruce's implications are exaggerated. While it may be possible to use a forged boarding pass to get through security without additional screening, all first-tier Canadian airlines review ID and boarding passes at the gate (before going through the tunnel/tarmac to the plane) and again check the boarding pass at the plane's door.

At the gate check, the barcode on the boarding pass acts only as a unique identifier for the airline agent to look up the passenger's record. The agent then checks the name on their screen with the passenger's ID.

Assuming that the passenger's ID is valid, the passenger doesn't share a name with a legitimate passenger, and no one has compromised the database integrity, the only way someone could "fly on someone else’s ticket" would be if the forged pass was for a flight at the same gate and at the same time as the legitimate pass and the forger boards earlier than the legitimate customer. Seems like a very low risk

Does the US not use the same procedures?

Erik NNovember 2, 2006 2:21 PM

In Europe it is customary in all airports that the triangle is completed at the gate: They verify the ID against the you (that is the photo), and the boarding pass (the name), then the boarding pass against the database.

When passing security, they only verify you have something that appears to be a boarding pass, and it appears to be motivated by the need to keep people out of the tax-free area, after all, if people are screened effectively, there is no other reason to keep people out.

@bob: The Madrid 3/11 bombs where not an example of the need to secure the entire track, the terrorist had to board at the endpoints. Anyway you are right, not long after the 3/11 attack, another was IIRC foiled, this time a bomb had been placed on the track.

Bruce SchneierNovember 2, 2006 3:40 PM

"At the gate check, the barcode on the boarding pass acts only as a unique identifier for the airline agent to look up the passenger's record. The agent then checks the name on their screen with the passenger's ID.

"Assuming that the passenger's ID is valid, the passenger doesn't share a name with a legitimate passenger, and no one has compromised the database integrity, the only way someone could 'fly on someone else’s ticket' would be if the forged pass was for a flight at the same gate and at the same time as the legitimate pass and the forger boards earlier than the legitimate customer. Seems like a very low risk

"Does the US not use the same procedures?"

No, the U.S. does not. At the gate, the agent scans your boarding pass -- or reads the mag stripe, or whatever -- and you're on the plane. There's no ID check at the gate.

That's why this is a security vulnerability.

But again, it's not a vulnerability that I think anyone needs to worry about -- the photo ID check is security theater anyway.

AlanNovember 2, 2006 4:00 PM

Bruce wrote:
"That's why this is a security vulnerability.

But again, it's not a vulnerability that I think anyone needs to worry about -- the photo ID check is security theater anyway."

Bruce, these two statement still seem contradictory to me. Should I understand this to mean that its a vulnerability in the procedure, but not a vulnerability in security, since it has no effect on security either way? If not, what do you mean by the term "security vulnerability"? Any vulnerability in a protocol that may or may not have an effect on security?

Alan

Bruce SchneierNovember 2, 2006 4:55 PM

@Alan

It's a security vulnerability, because the security system that is in place can be bypassed.

It's not a vulnerability worth worrying about, because the security system that is in place isn't worth having in the first place.

A vulnerability in procedure, as opposed to a vulnerability in security, is a good way of looking at it. That the door lock is easily picked is a different issue than whether what's behind the door is worth protecting with a lock in the first place.

BombCatcherNovember 2, 2006 6:24 PM

@RvnPhnx
This is not an example of a "sneak and peek" warrant. If it were, then the target would not have any idea it had been executed. That's the "sneak" part. The FBI don't need the target's cooperation to execute a search warrant. That's the point of search warrants.

@Bruce
Alan has a good point. You say that the ID check has nothing to do with security. So why do security researchers care so much about it? Exposing random mistruths seems much more like something Nader would do.

Tammy CravitNovember 2, 2006 6:31 PM

@RvnPhnx: Aiding and abetting terrorists is, more or less, what the search warrant alleged that Soghoian did. Specifically, it alleged that he aided and abetted unspecified third parties in gaining unauthorized access to secure portions of an airport. I think a credible argument could be made that he did no such thing, but that's what the FBI claimed in their warrant, and their claim is at least plausible enough (given the wording of the statutes cited) that a judge could be convinced to buy it.

Whether or not they could successfully obtain a conviction on such claims is, of course, unknown. But the standard of proof to get a warrant is a lot lower than that required for a conviction.

Falafel O'ReillyNovember 2, 2006 8:10 PM

In mid-October I flew Alaska from Seattle to Phoenix. As part of the the safety walkthrough the stewardess said that due to FAA regulations, you must use the bathroom in the cabin in which you are seated. No doubt the real deal is that they don't want people from coach using the first class bathrooms.

Nick LancasterNovember 3, 2006 4:29 AM


It's SNEAK and PEEK (to glimpse), please. Drives me crazy when people use SNEAK and PEAK (mountaintop).

It's like confusing a loofah with falafel. ::: wink :::

ruidhNovember 3, 2006 6:33 AM

Photo ID is required on trains as well. I just bought an Amtrak ticket from NYC to Washington and the ticket says right on it that I "will have to provide photo ID".

bobNovember 3, 2006 6:51 AM

I dont have a problem with the FBI searching a property and seizing stuff (if they have a warrant). But do they have to act like burglars to do it? Cant they leave the place intact when they are done? And did they leave him an inventory of what they took? So far it looks like crime is only being committed by one party and it isnt the student.

XellosNovember 3, 2006 9:11 AM

--"A rail system would be much cheaper to run and maintain."

Not in the current regulatory environment. The rail system in the US was pretty much put out of business by the Interstate Commerce Commision, largely at the best of the motor carriers. The US has a pretty horrible record of rail thanks to odd government interventions (like subsidising rail building on a per-mile basis, which naturally led to quickly and shoddily laid tracks meandering all over the place), and current interests are too entrenched for there be any significant chance of change.

JoeNovember 3, 2006 1:47 PM

In my (US) experience, the boarding pass is not even a graphic, but is only a airline-generated page displayed in the browser of your choice. It can easily be copied to and manipulated in Word or OpenOffice to a current flight for a particular day. The bar code (I hope) isn't valid (I've never played with that and don't know how it's encoded), but it's an effective way to go meet someone at the gate or to use the frequent traveler lines.

Fenris FoxNovember 3, 2006 2:44 PM

@atr

"Bruce, you know it. We know it.

Now, could somebody please hijack a plane using a boarding pass in order to make TSA ban boarding passes on planes?

;-)"

Shh.. don't say that too loud! =;o) Tee hee.

Fenris FoxNovember 3, 2006 3:16 PM

@Harrold

""@Matti Kinnunen
"About Europeans, well, we are very much capable of defending ourselves ourselves."

You have two world wars that prove otherwise."

I can't help myself, I need to drag over from Fark...

"FRANCE SURRENDERS!" =;o)

Yum yum dig 'em out...

Seriously, though, I can't get over that the French let those riots go on for 13 days a while back.. It's one thing to not want a police state, but you're not achieving balance by allowing complete anarchy, either.

Fenris FoxNovember 3, 2006 3:28 PM

@Chris

"I agree with Alan and vwm that Bruce's implications are exaggerated. While it may be possible to use a forged boarding pass to get through security without additional screening, all first-tier Canadian airlines review ID and boarding passes at the gate (before going through the tunnel/tarmac to the plane) and again check the boarding pass at the plane's door."

So what if they use a second, third, or Nth-tier airline? Discount planes could just as easily be involved in terror as the fancy-shmancy ones.

Fenris FoxNovember 3, 2006 3:36 PM

@Nic

"Once again this reminds me of Senator Amidala's line in Star Wars 3 "So this is how liberty dies... with thunderous applause.""

I loved that line.. it was amazingly artistic. I wonder who originally thought of it..

That line also evoked thoughts Napoleon, who became Emperor basically through "public election."

YakkoNovember 3, 2006 4:09 PM

I don't think you even need two boarding passes to travel on someone elses ticket. They don't check ID at the gate, and I've never seen them compare the name on the boarding pass to the computer.

Get the boarding pass online, print it to PDF instead of paper. Use PDF modification software to change the name on the boarding pass to the name on your id.

TSA verifies the name on the boarding pass matches the id, but not what the airline database says.

Gate verifies the database using the bar code on the boarding pass, not the name.

Mr C.November 12, 2006 12:26 PM

I flew JFK-AMS on Friday and I was marked SSSS; yet they lost my luggage and have still not found it 3 days later. Don't you think that is rather worrying?

As a British traveller flying at 50-60 flights per year around the EU I can confirm boarding passes are checked against your passport at every checkpoint, including when you board the plane.
I might also add that in the US, (fly there 6-8 times a year) 3 times in the last 2 months; they are NOT checking passports at boarding and on every DOMESTIC flight I have got on they ask announce before take-off the destination. At least twice I have seen people get off because they have accidentally got on the wrong plane. HOW someone is a) so stupid as to walk past the gate on to the wrong plane in the first place is amazing but for the boarding chack not to spot this is beyond credibility. A close friend of mine actually witnessed someone take the full wrong flight to Chicago only to announce,'Hey - I thought this was the flight to Cincinatti'.

RodMarch 7, 2007 1:44 AM

Bruce, Interesting your conclusions regard the SSSS. I recently agained passed through Portland Airport en route to Australia and again received the dreaded for SSSS's.

I think it is damn stupid because if I had any ambitions to hurst any body and was carry dangerous material , once I received the SSSS I would not proceed to board. Now I am not very broght being an Australia but even I can work that out.
I understand the Airlines issue the warning to its passengers so from the point of someone who travel by air with the intention of doing harm the airlines are not doing themeslves any favours.

Interestingly 3 Years ago I flew out of PDX via Hawaii enroute to Sudney I got the SSSS and got my detailed search which made me late for the flight.

NOW HEAR THIS I my wife and I arrived at the gate to in time to see the door of the Aircraft close. I asked many questions of the Airline staff, THe single most important questions was where is our luggage? ON BOARD! My next question was does the Captain know that he has passenger baggage on board without the passengers? YES!
As we say in Australia Bullshit!

MY bagges flew all the way to Australia unaccompanied, we caught up with them 24 hours later in Sydney.

I tried to bring this to the attention of both Australian And US authorities nobody was interested.

My recent flight was United the flight 3 years ago was Hawaiin, I wont be flying with either again, I am sure they wont mind.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..