By my latest count, roughly half the paperback novels on my bookshelves have old airline boarding passes in them. I tend to use boarding passes as bookmarks when I travel, and it turns out it's a good thing I keep them tucked away.
According to this scary report from marquee author and investigative journalist Brian Krebs, you really don't want to leave your boarding passes laying around the airport or tucked into the seat back pocket. Apparently, the barcodes on those passes are a potential back door for hackers to access your private information.
Hackers Redirect And Disable Sniper Rifle Remotely
In a detailed blog post, Krebs gives the step-by-step process by which information can be extracted from a boarding pass using publicly available websites and online tools.
Data on the barcode itself can be instantly decoded using online barcode and QR code scanners. (No, I didn't know these things existed, either.) In the sample boarding pass tested by Krebs and a concerned reader, the barcode contained the traveler's full name, frequent flyer number and a "record locator" that gave access to the traveler's entire Lufthansa account.
The access granted to the airline account divulged even more personal information, including phone numbers and a record of all future flights booked via the Star Alliance frequent flyer account.
Hackers Use Phone Network To Cut Jeep's Brakes
The information was enough to allow anyone to manipulate frequent flyer accounts, reset PIN numbers and even change or cancel future flights. The report suggests that specific details in the barcode data can also make it easier for an attacker to get additional personal information online.
So next time you're tempted to jam that boarding pass into the back seat pocket, maybe tuck it into your Stephen King book instead. It's less scary in there.
via Krebs on Security