Last Friday we covered some of the security issues travelers can face when staying at a hotel. Today we are going to look at air travel – specifically the bad things that can happen to you if you carelessly discard or foolishly post a picture online of your airline boarding pass.
For some reason, people like to post images of their boarding passes on Facebook, Instagram, and other social networks. Probably a hipster version of “wish you were here – not!” Brian Krebs reported that a recent search on Instagram for “boarding pass” returned 91,000 results! There are also smartphone and smart watch apps for capturing the bar code. This is supposed to help you board more easily, but it is another great way to lose the information in the bar code.
Your boarding pass, especially the bar coded information, can reveal more information about you than you might expect. This includes things such as:
- Phone Number
- Passport Number
- Frequent Flyer Number
- 6-digit Booking Code
Czech security researcher Michael Spacek recently gave a talk at a cybersecurity conference. He described how:
“…he was able to get from a picture of a British Airways boarding pass that a friend of his posted on Instagram before a trip to Hong Kong with his wife.
All he had to do was enter the booking reference on the BA website and find out his friend’s birth date (which was on his Facebook profile) to get his passport number, to be allowed to change the details on his account – cancel future flights, edit the passport number, citizenship, expiration date and date of birth…”
Basically, information in the bar code can allow an attacker access to your airline travel account, view your travel plans, make changes to your itinerary, book airline tickets, and steal your frequent flyer points, among other things. Want to know what is in your boarding pass bar code. Take a picture of the barcode with your phone, and upload it to Inlite Online Barcode Reader.
So posting pictures of your boarding pass online is a bad plan. Casually tossing it in the trash in your hotel room is not a good idea, either, since it would be possible for the cleaning staff to save the pass and sell it to cyber-crooks and identity thieves. The boarding pass becomes one more item that needs to be shredded or destroyed in other ways.
- Brian Krebs – Why It’s Still A Bad Idea to Post or Trash Your Airline Boarding Pass
- Naked Security – Don’t expose yourself with your boarding pass
- Inlite Online Barcode Reader