Security Researcher Shows Why Sharing Boarding Pass Photos Online Isn’t The Best Idea

One of the things people like to do when going on a trip is take a photo of their boarding pass. It shows the world that you’re going to be taking to the skies – as if that’s a new thing for some reason – and that your life is about to get undeniably better than the person looking at the photo.

It’s the age old humblebrag, but without the humble part. Have you ever stopped to consider, though, that taking a photo of your boarding pass, then sharing it on the internet might not be the best of ideas?

Boarding-pass-photo

If the thought has never crossed your mind, then it probably should. A glimpse at the #boardingpass tag on Instagram shows a lot of people sharing their pass, but they are potentially leaving themselves wide open to all manner of personal data theft, as displayed on-stage by researcher Karsten Nohl. During a presentation, Nohl searched Instagram and found a real boarding pass, complete with the barcode that identifies each flier individually.

It’s this barcode that holds the key to everything, and as Nohl showed, anyone with the ability to see that theoretically has the ability to log into an airline’s website. Nohl showed just that by logging into Lufthansa using the previously found barcode. He found personal details of the person who posted the image to Instagram and had the opportunity to re-book the flight as well. Things could potentially be much worse, too, depending on the airline and the level of access acquired.

Now, granted, not everyone with access to Instagram is capable of making this kind of thing happen, but those who are, could actually go through with it. There doesn’t appear to be any evidence of large scale plundering of information here yet, but why put yourself in that position in the first place?

It’s not like there aren’t other things to take photos of at an airport – pre-packed triangular sandwiches, for example.

(Source: media.ccc.de [YouTube] | Via: Kaspersky)

You might also like to check out:

You can follow us on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Microsoft, Google, Apple and the Web.