This document discusses point-of-sale attacks targeting travelers at airports. It describes how malware could be installed on kiosks to extract personal information from scanned boarding passes and tickets stored in RAM. A case study examines kiosks at a Greek airport that were vulnerable due to unpatched software and accessible administrative interfaces. The document proposes developing malware and a mobile app to commandeer compromised kiosks, duplicate tickets, and profile travelers without authorization.