Customized Boarding Passes Can Hack Computers
November 12, 2015 // 10:52 AM EST
A boarding pass can hold all sorts of information useful to an identity thief, such as a victim’s frequent flyer number. Now, it turns out that simply scanning the boarding pass itself could potentially be used to hack computers, too.
Yang Yu, founder and head of Tencent's Xuanwu Lab, a project with a focus on cybersecurity research, tweeted several videos of what he has dubbed “BadBarcode,” a series of what he describes as vulnerabilities in the way that barcode scanners work. Yu will be presenting “BadBarcode: How to hack a starship with a piece of paper” at PacSec 2015, a security conference held in Tokyo.
Yu and his team created their own series of "boarding passes"—just barcodes, essentially—and programmed different commands into each that would be read by the scanner.
“The scanner in that demo is widely used in airports, so we made a fake boarding pass to do that demo,” Yu told Motherboard in a Twitter direct message. “BadBarcode is not a vulnerability of a certain product. It affects the entire barcode scanner-related industries.”
One of the videos shows the barcode of a boarding pass being scanned, and then a shell—where a user could enter commands—opening on the adjacent computer.
“General speaking, we can make [a barcode scanner] to 'type' any keys to the host system, not only the 0-9 and a-z,” Yu said. He claims this lets someone create a boarding pass to “execute any command on computer.”
Yu wouldn't go into the technical details, but said that he may release the documentation later.
At this point, Yu is unsure of any malicious applications. “I do not know what the bad guys might do,” he said. “But considering barcode scanners are everywhere in our world, so BadBarcode is really a serious problem, not just a bug people could use to get free beer.”