Latest in Boarding pass

Image credit:

Security flaw lets Delta passengers access strangers' boarding passes

John Colucci, @johncolucci
December 16, 2014
Share
Tweet
Share

Sponsored Links

If you've been dreaming about tanning on Miami Beach versus visiting your family in Minneapolis this holiday, a security flaw involving Delta Airlines' electronic boarding pass system might just make that a reality. Dani Grant, a product intern at BuzzFeed and founder of Hackers of NY, realized she could share the URL to her boarding pass for anyone to download. Then, by changing a digit in the URL, someone else's boarding pass (even on another airline) popped right up.

But, this doesn't mean you can look forward to traveling somewhere you weren't supposed to (unlike buying a movie ticket for one film and walking into another). You'd need to have a legitimate boarding pass in your own name to get past the TSA. Then if you successfully obtained someone else's boarding pass, it'd have to originate from the same airport you're at. In other words, if you're holding a boarding pass from New York to Minneapolis, that Atlanta to Barcelona ticket won't do much good.

The TSA's press secretary Ross Feinstein said in a statement that "Travel document checking is just one layer of TSA's defense for aviation security. Officers are trained to detect and potentially deter individuals who may attempt to board an aircraft with fraudulent documents." Basically, if you happened to try to board an aircraft as someone else, it's a crime. So there's that.

We've reached out to Delta for comment and will update when (and if) they respond.

Update: Delta spokesperson Paul Skrbec said in a statement to TIME Magazine on Tuesday afternoon: "After a possible issue with our mobile boarding passes was discovered late Monday, our IT teams quickly put a solution in place this morning to prevent it from occurring," adding that the airline is still investigating the problem but isn't aware of any compromised customer accounts.

[Photo: Dani Grant]

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

The 2020 Engadget Holiday Gift Guide

The 2020 Engadget Holiday Gift Guide

View
Zappos' pioneering ex-CEO Tony Hsieh dies at 46

Zappos' pioneering ex-CEO Tony Hsieh dies at 46

View
The Morning After: The best Black Friday deals that are still going

The Morning After: The best Black Friday deals that are still going

View
Vava’s 4K ultra short-throw projector is $840 off at Amazon

Vava’s 4K ultra short-throw projector is $840 off at Amazon

View
The best Black Friday tech deals we could find

The best Black Friday tech deals we could find

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr