14 DAY TRIAL // A finding by Hackers of NY reveals that boarding passes issued by Delta can be hacked to get someone else’s ticket, even on a different airline. No joke.
In what can be viewed as a spoofing flaw, “On Delta, you can change the URL of your boarding pass and get someone else’s boarding pass,” reports Dani Grant, of Hackers of NY. “Even if they’re on a different airline,” adds Grant, while showing the screenshots above.
Easy to exploit and mess with
According to the hacker, you can check in as someone else and even change the seat if you feel like it. Delta has issued a prompt response via email, addressing affected customers directly. The airline’s apologetic letter confirms that there is indeed a flaw in the system, but one that can be easily rectified.
The email shown by Grant appears to be the result of a test on their behalf to see if the hackers were indeed right about the problem. A proof-of-concept, as these practices are called in IT circles. It may well be that no real customers have been affected by the hack so far, but the vulnerability is there, nonetheless. The email reads:
“Thanks for your email letting us know about your travel experience flying on December 12. I’m truly sorry to learn about your unfortunate online experience and wish to address your concern. Using our website should be convenient and make your travel easier. I certainly understand how insecure you must have felt due to the unpleasant incident you experienced while trying to view and print boarding pass from our web site. We want to surpass your expectations in each and every possible way. I sincerely apologize, your experience was to the contrary.”
Delta’s representative, named Vincent M. Keit, also promises to forward the complaint to Delta’s Online Customer Support Desk Team for further analysis.
Bug not in iOS
As you might have already guessed, the flaw isn’t found in Apple’s operating system, despite being able to affect boarding passes found in the Passbook app on iOS 7 and iOS 8 devices.
The flaw is inherent to Delta’s backend, and the airline has yet to confirm whether or not it has been able to address the issue since the time it was reported to them.
It is worth noting that this is at least the third case of Passbook hacking reported this year alone, so it might be a good idea to put convenience aside and just head to your terminal with a paper ticket in your hand.
