The speaker discusses vulnerabilities in airline boarding pass systems. Boarding passes contain a wealth of passenger data but lack authentication. This allows boarding passes to be forged, bypassing security checks. While standards like digital signatures have been introduced, many airlines have not implemented them. The talk outlines past research on boarding pass issues and ways airport access and privileges could be obtained by modifying boarding pass data. The speaker concludes that privacy laws prevent effective data sharing to address these vulnerabilities.
1. How to get good seats in the security theater?
Hacking boarding passes for fun and profit
Przemek Jaroszewski
przemj+defcon24@gmail.com
2. $ whoami
• head of the Polish national CSIRT (CERT Polska)
• 10+ years of education in programming
• Master’s degree in social psychology
• 15 years of experience in IT security
• aviation enthusiast, unrealized air traffic controller
3. Disclaimer
• Research and opinions are my own, not my employer’s
• Some of the stuff is grey area, and some is plain illegal
4. Up in the Air
• FF miles are nice, but status is nicer
15. Where did we get?
• Free Fast Track for all travelers => Sterile area access for all
16. Wait, this is not news!
• Bruce Schneier (2003): Flying On Someone Else’s Airplane Ticket
• shows how to work around no fly lists with print-at-home BPs
• Andy Bowers (2005): Dangerous Loophole in Airport Security
• Bruce Schneier (2006): The Boarding Pass Brouhaha
• Christopher Soghoian (2007): Insecure Flight: Broken Boarding Passes and Ineffective Terrorist Watch Lists
• Jeffrey Goldberg (2008): The Things He Carried
• Charles C. Mann (2011): Smoke Screening
• John Butler (2012): Security Flaws in the TSA Pre-Check System and the Boarding Pass Check System
17. No Fly List Bypass (in 2003)
• Buy tickets under false name
• Print your boarding pass at home
• Create a copy of the boarding pass with your real name
• Present the fake boarding pass and the real ID to TSA officers
• Present the real boarding pass to gate agents
• Fly
18. [image-only slide]
19. No Fly List Bypass (in 2016 Europe)
• Buy tickets under false name
• Print your boarding pass at home
• Fly
Impacting factors:
• Particular airline’s business consciousness
• Temporary security checks
23. So… Where is passenger data stored?
• Computer Reservation Systems (CRS) allow for storage and processing of
Passenger Name Records (PNR) containing:
• personal data (names, contact details)
• reservations (airlines, hotels, cars, …)
• issued tickets
• special requests
• loyalty programs data
• Dozens of CRSs exist
• GDS (e.g. Sabre, Amadeus, Galileo, Worldspan, …)
• proprietary ones
• One reservation may result with multiple PNRs in different CRSs
• Data access is limited not only across CRSs, but across different parties
24. Notice of advice
• BCBP often contains more information than the printed version
• PNR locator (aka: reservation/confirmation number, booking reference)
• Ticket number
• Full frequent flyer number
• This information can be used to retrieve most and modify some data in your PNR, including ticket cancellation!
• Sometimes with additional knowledge like e-mail address
• Don’t post or share non-anonymized boarding passes!
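Everything the slide warns about is readable from the barcode itself. As an added illustration (not the speaker's code), the Go program below decodes the mandatory and first-leg conditional items of an M-type BCBP string, pulls out the PNR locator, ticket number, frequent flyer number and the item 18 selectee indicator, and redacts the identifying items in place so a pass can be shared without handing over access to the booking. The field offsets are my reading of the IATA BCBP Implementation Guide listed under the sources, and the sample pass is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Item numbers follow the IATA BCBP Implementation Guide listed under the sources; the
// offsets are my reading of that guide and the sample pass is constructed, not real.
type BoardingPass struct {
	Name, PNR, From, To, Carrier, Flight, Date, Seat string // mandatory items
	Version                                          string // item 9; "" when no conditional data
	TicketNo, Selectee, FFNumber                     string // items 142+143, 18, 236
	HasSecurity                                      bool   // item 25 '^' follows the data
	repStart, repLen                                 int    // position of the repeated block
}

// field returns s[start:start+n] with padding removed, or "" when s is too short.
func field(s string, start, n int) string {
	if start+n > len(s) {
		return ""
	}
	return strings.TrimSpace(s[start : start+n])
}

// ParseBCBP decodes the first leg of an M-type boarding pass string.
func ParseBCBP(s string) (*BoardingPass, error) {
	if len(s) < 60 || s[0] != 'M' {
		return nil, errors.New("not an M-type BCBP string")
	}
	bp := &BoardingPass{
		Name: field(s, 2, 20), PNR: field(s, 23, 7), From: field(s, 30, 3), To: field(s, 33, 3),
		Carrier: field(s, 36, 3), Flight: field(s, 39, 5), Date: field(s, 44, 3), Seat: field(s, 48, 4),
	}
	// Item 6: hex size of the variable field that follows the 60 mandatory characters.
	varLen, err := strconv.ParseUint(s[58:60], 16, 8)
	if err != nil {
		return nil, fmt.Errorf("bad variable field size: %w", err)
	}
	end := 60 + int(varLen)
	if end > len(s) {
		return nil, errors.New("variable field size exceeds data")
	}
	if varLen > 0 {
		if s[60] != '>' {
			return nil, errors.New("missing '>' at start of conditional items")
		}
		bp.Version = s[61:62]
		// Item 10: hex size of the unique block; item 17: hex size of the repeated block.
		uLen, _ := strconv.ParseUint(field(s, 62, 2), 16, 8)
		rLen, _ := strconv.ParseUint(field(s, 64+int(uLen), 2), 16, 8)
		if rs, rl := 66+int(uLen), int(rLen); rs+rl <= end {
			bp.repStart, bp.repLen = rs, rl
			rep := s[rs : rs+rl]
			bp.TicketNo = field(rep, 0, 3) + field(rep, 3, 10) // airline numeric code + serial
			bp.Selectee = field(rep, 13, 1)                   // 1 = SSSS, 3 = LLLL
			bp.FFNumber = field(rep, 21, 16)
		}
	}
	bp.HasSecurity = end < len(s) && s[end] == '^'
	return bp, nil
}

// Redact overwrites the items that give access to the booking (name, PNR locator, ticket
// serial, frequent flyer number) in place, so the barcode still decodes but is useless.
func Redact(s string) (string, error) {
	bp, err := ParseBCBP(s)
	if err != nil {
		return "", err
	}
	b := []byte(s)
	copy(b[2:22], strings.Repeat("X", 20)) // item 11 passenger name
	copy(b[23:30], strings.Repeat("X", 7)) // item 7 PNR locator
	if r := bp.repStart; bp.repLen >= 37 {
		copy(b[r+3:r+13], strings.Repeat("X", 10))  // item 143 document serial number
		copy(b[r+21:r+37], strings.Repeat("X", 16)) // item 236 frequent flyer number
	}
	return string(b), nil
}

func pad(s string, n int) string { return fmt.Sprintf("%-*s", n, s) }

// SampleBCBP builds a constructed version-5 pass with an SSSS selectee, a ticket number
// and a frequent flyer number in the conditional items (all values made up).
func SampleBCBP() string {
	mandatory := "M1" + pad("DOE/JANE", 20) + "E" + pad("ABC123", 7) + "WAW" + "LAS" + pad("LO", 3) +
		pad("0001", 5) + "213" + "Y" + "012A" + pad("0042", 5) + "1" + "62"
	unique := "1" + "Y" + "W" + "6211" + "B" + pad("LO", 3) + pad("", 39) // 50 bytes = 0x32
	repeated := "999" + "1234567890" + "1" + "N" + pad("LO", 3) + pad("LO", 3) +
		pad("123456789012", 16) + " " + "1PC" + "Y" // 42 bytes = 0x2A
	return mandatory + ">5" + "32" + unique + "2A" + repeated // variable field = 98 bytes = 0x62
}

func main() {
	bp, _ := ParseBCBP(SampleBCBP())
	fmt.Printf("%+v\n", *bp)
}
```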
25. [image-only slide]
26. … and then on to other systems
• Departure Control System (DCS) – check-in info
• Advance Passenger Information (API) – to border agencies
• PNRGOV – to government agencies
• Secure Flight
27. [image-only slide]
28. Paper is just a bit less fun…
• MS Word is a great PDF-editing tool
• Most likely the barcode will be scanned anyway, so it needs to reflect the printed information
29. Lounge access
• Contract lounges
• no way to verify eligibility
• may require an invitation issued by the airline at check-in
• Airline-operated lounges
• may have access to passenger records …
• … but only for own passengers!
• automatic gates increasingly popular (e.g. SAS lounges in CPH, OSL; Turkish lounge in IST)
30. [image-only slide]
31. [image-only slide]
32. Duty Free Goods
• In many countries goods are sold directly to the passenger (liquors sealed in a plastic bag)
• Eligibility is determined based on destination (e.g. EU/Non-EU)
33. Where did we get?
• Airport access (meet&greet, sightseeing, …)
• Fast Track
• Free lunch and booze
• Duty free shopping
35. Digital Signature
• In 2009 IATA extended the BCBP standard (ver. 3) with support for digital signatures based on PKI
• Yet many airlines still use BCBP v.1
• The field is "optional and to be used only when required by the local security administration"
• The field has variable length, with the specific algorithm etc. determined by the authority
• Private keys owned by airlines, public keys distributed to third parties
• TSA enforced for US carriers (well, almost)
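To show what the optional signature buys, and what is lost when it is absent, here is an added example (not from the talk or from IATA): the airline signs everything before the "^" security field with its private key, and a checkpoint holding the public key rejects an edited copy and an unsigned pass alike. ECDSA P-256 over SHA-256, the type value "1" and base64 encoding of the security data are assumptions, since the slide says the authority decides the algorithm.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// NewAirlineKey stands in for the private key the airline keeps; the matching public key
// is what gets distributed to lounges and checkpoints.
func NewAirlineKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Sign appends a security field ("^" + type + 2-hex-digit length + data) covering every
// character before it. ECDSA P-256 over SHA-256 and type "1" are assumed choices: the
// standard leaves algorithm and type to the local security administration.
func Sign(pass string, key *ecdsa.PrivateKey) (string, error) {
	if strings.Contains(pass, "^") {
		return "", errors.New("pass already carries a security field")
	}
	digest := sha256.Sum256([]byte(pass))
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest[:])
	if err != nil {
		return "", err
	}
	data := base64.StdEncoding.EncodeToString(sig)
	if len(data) > 255 {
		return "", errors.New("signature does not fit a 2-hex-digit length")
	}
	return fmt.Sprintf("%s^1%02X%s", pass, len(data), data), nil
}

// Verify splits the pass at '^' and checks the signature with the airline's public key.
// A pass with no security field is rejected: because the field is optional, a checkpoint
// that waves unsigned passes through gives a forger the same acceptance as a v1 pass.
func Verify(signed string, pub *ecdsa.PublicKey) (string, error) {
	i := strings.IndexByte(signed, '^')
	if i < 0 {
		return "", errors.New("no security field: unsigned pass")
	}
	pass, sec := signed[:i], signed[i+1:]
	if len(sec) < 3 || sec[0] != '1' {
		return "", errors.New("unsupported security data type")
	}
	n, err := strconv.ParseUint(sec[1:3], 16, 8)
	if err != nil || int(n) != len(sec)-3 {
		return "", errors.New("security data length does not match")
	}
	sig, err := base64.StdEncoding.DecodeString(sec[3:])
	if err != nil {
		return "", err
	}
	digest := sha256.Sum256([]byte(pass))
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return "", errors.New("signature does not match pass content")
	}
	return pass, nil
}

// Demo plays both sides: the airline signs a constructed pass, the checkpoint verifies it,
// then is shown an edited copy (seat changed, old signature kept) and the unsigned original.
func Demo() (genuineOK, tamperedOK, unsignedOK bool, err error) {
	key, err := NewAirlineKey()
	if err != nil {
		return
	}
	pass := "M1DOE/JANE            EABC123 WAWLASLO 0001 213Y012A0042 100" // constructed, mandatory items only
	signed, err := Sign(pass, key)
	if err != nil {
		return
	}
	_, e1 := Verify(signed, &key.PublicKey)
	tampered := strings.Replace(signed, "012A", "001A", 1) // edit the seat, keep the old signature
	_, e2 := Verify(tampered, &key.PublicKey)
	_, e3 := Verify(pass, &key.PublicKey) // no security field at all, as with a v1 pass
	return e1 == nil, e2 == nil, e3 == nil, nil
}

func main() {
	g, tam, uns, err := Demo()
	fmt.Println("genuine:", g, "tampered:", tam, "unsigned:", uns, "err:", err)
}
```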
36. BCBP XML
• In 2008 IATA proposed Passenger and Airport Data Interchange Standards (PADIS) XML to be used for exchange of BCBP data between airlines and third parties, such as lounges or security checkpoints
• The terminal would send a message consisting of a header and full BCBP content
• The airline would reply with a Yes/No, along with a reason and optional free text
38. Secure Flight
• Program implemented by TSA in 2009 to take over watchlist monitoring from airlines
• Pre-Check and Secondary Screening introduced in 2011
• Selectee indicator in BCBP field 18; 0=normal; 1=SSSS; 3=LLLL
• In 2013 TSA started networking CAT/BPSS devices to pull passenger data from Secure Flight, including:
• Passenger’s full name
• Gender
• Date of birth
• Screening status
• Reservation number
• Flight itinerary (in order to determine which airports receive data)
39. Why is awesome?
• Just when I thought I got my slides ready… I get this message from @supersat
I noticed you are giving a talk on boarding passes at DEF CON. I managed to acquire [this] off of eBay, and was wondering if you'd like to play around with it at DEF CON or use it for a demo at your talk.
40. [image-only slide]
41. [image-only slide]
42. Where did we get?
• Airport access (meet&greet, sightseeing, …)
• Fast Track
• Free lunch and booze
• Duty free shopping
• Pre-check??
43. Is it a vulnerability?
• LOT Polish Airlines:
- Please contact Warsaw Airport about this issue as they’re responsible for boarding pass scanning systems.
• Warsaw Airport:
- It’s a known issue, but not a problem. We’re compliant with all CAA guidelines.
• Civil Aviation Authority for Poland:
- Boarding pass forgery is a crime since they are documents.
• Me:
- Can you have a legally binding document without any form of authentication?
• Civil Aviation Authority for Poland:
- Oh, go f*** yourself!
44. Is it a vulnerability?
• Turkish Airlines:
- Please be informed that we have already shared your contact details with our related unit, to get in touch with you as soon as possible.
• SAS:
- We appreciate that you have taken the time to send us your feedback, as this is crucial for us to improve our services.
• TSA:
awkward silence
47. Wrap up
• Privacy and complexity of reservation systems prevent effective data exchange between airlines and BP scanning checkpoints
• Several countermeasures have been introduced by IATA, but they’re expensive and complicated to implement
• While the US did a reasonably good job, other places have actually lowered the bar
• Because of privacy restrictions, access to PNR will likely be limited to governments, making cross-dependencies between private entities inherently broken
48. Sources/Further reading
• IATA: BCBP Implementation Guide
http://www.iata.org/whatwedo/stb/bcbp/Documents/BCBP-Implementation-Guide.pdf
• IATA: Bar-Coded Boarding Passes FAQ
https://www.iata.org/whatwedo/stb/bcbp/Documents/bcbp-faqs.pdf
• IATA: Passenger and Airport Data Interchange Standards (PADIS) Board
http://www.iata.org/whatwedo/workgroups/Pages/padis.aspx
• TSA: Privacy Impact Assessment for the Boarding Pass Scanning System
https://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_tsa_bpss.pdf
• TSA: Secure Flight
http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_tsa_secureflight_update018(e).pdf
https://www.tsa.gov/news/testimony/2014/09/18/tsa-secure-flight-program
• BCBP Working Group: Business Requirements: BCBP Data Exchange
http://www.aci.aero/media/aci/file/aci_priorities/it/doc0803_brd_bcbp_xmlfinal.pdf
• Bruce Schneier: Flying On Someone Else’s Airplane Ticket
https://www.schneier.com/crypto-gram/archives/2003/0815.html#6
• Bruce Schneier: The Boarding Pass Brouhaha
https://www.schneier.com/essays/archives/2006/11/the_boarding_pass_br.html
• Andy Bowers: A Dangerous Loophole in Airport Security
http://www.slate.com/articles/news_and_politics/hey_wait_a_minute/2005/02/a_dangerous_loophole_in_airport_security.html
• Christopher Soghoian: Insecure Flight: Broken Boarding Passes and Ineffective Terrorist Watch Lists
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1001675
• Jeffrey Goldberg: The Things He Carried (The Atlantic)
http://www.theatlantic.com/magazine/archive/2008/11/the-things-he-carried/307057/
• Charles C. Mann: Smoke Screening (Vanity Fair)
http://www.vanityfair.com/culture/2011/12/tsa-insanity-201112
• Brian Krebs: What’s in the Boarding Pass? A lot
http://krebsonsecurity.com/2015/10/whats-in-a-boarding-pass-barcode-a-lot/
• John Butler: Security Flaws in the TSA Pre-Check System and the Boarding Pass Check System
https://puckinflight.wordpress.com/2012/10/19/security-flaws-in-the-tsa-pre-check-system-and-the-boarding-pass-check-system/