Leave a comment

Anyone can access your boarding pass

Anyone can access your boarding pass
Image courtesy of Shutterstock

Have you flown with Delta Airlines recently? If so, then your boarding pass was wide open to hackers. Oh, and if you missed yesterday's announcement — you might have a single pilot making sure that you're safe in the air.

That's right, you have to take your shoes off at security but Delta Airlines couldn't even bother to keep your passport private. Kind of frustrating, isn't it? If you aren't annoyed yet, you will be once you learn about how this vulnerability works.

Dani Grant, a write for the Hackers of NY cyber security blog, ran a few tests after Delta Airlines emailed her a boarding pass. She discovered that the site wasn't secured by HTTPS protection, but also that URL trickery could get a hacker access to your boarding pass.

What kind of URL trickery? The kind where Grant discovered that changing any part of the identification code in her boarding pass's URL could get her instant access to another person's boarding pass.

Trickery like this isn't just stupid, it's testable by anyone in the world. If any site that you visit has a string of numbers or letters at the end of a URL, try adding or lowering one number by one digit.

If you end up on another page or profile, then that site isn't secure.

All Delta Airlines would have had to do to find out just how easy it is to hack its systems would have been to add or subtract a single digit. Hackers might not even have to be after you in particular to steal your boarding pass information.

Bonus tip: 5 best-kept travel secrets everyone should know

They could just randomly type in a string of letters and Delta Airlines' unsecured HTTP connection will let them right in.

Hey Delta! Fix it.

Next Story
View Comments ()
Data breach at airport parking service
Previous Happening Now

Data breach at airport parking service

The LAPD is getting body cameras
Next Happening Now

The LAPD is getting body cameras