Customized Boarding Passes Can Hack Computers
November 12, 2015 // 10:52 AM EST
A boarding pass can hold all sorts of information useful to an identity thief, such as a victim’s frequent flyer number. Now, it turns out that simply scanning the boarding pass itself could potentially be used to hack computers, too.
Yang Yu, founder and head of Tencent's Xuanwu Lab, a project with a focus on cybersecurity research, tweeted several videos of what he has dubbed “BadBarcode,” a series of what he describes as vulnerabilities in the way that barcode scanners work. Yu will be presenting “BadBarcode: How to hack a starship with a piece of paper” at PacSec 2015, a security conference held in Tokyo.
Yu and his team created their own series of "boarding passes"—just barcodes, essentially—and programmed different commands into each that would be read by the scanner.
“The scanner in that demo is widely used in airports, so we made a fake boarding pass to do that demo,” Yu told Motherboard in a Twitter direct message. “BadBarcode is not a vulnerability of a certain product. It affects the entire barcode scanner-related industries.”
One of the videos shows the barcode of a boarding pass being scanned, and then a shell—where a user could enter commands—opening on the adjacent computer.
“General speaking, we can make [a barcode scanner] to 'type' any keys to the host system, not only the 0-9 and a-z,” Yu said. He claims this lets someone create a boarding pass to “execute any command on computer.”
Yu wouldn't go into the technical details, but said that he may release the documentation later.
At this point, Yu is unsure of any malicious applications. “I do not know what the bad guys might do,” he said. “But considering barcode scanners are everywhere in our world, so BadBarcode is really a serious problem, not just a bug people could use to get free beer.”