# DEF CON 24 - Hacking boarding passes for fun and profit
{% hint style="info" %}
**2022년 NHN Cloud ****무료**** 교육일정** :
{% endhint %}
## 제목 : DEF CON 24 - Hacking boarding passes for fun and profit
{% hint style="danger" %}
**주의 : 테스트 이외의 목적으로 발생 되는 문제점에 대해서는 프로그램을 사용하는 사용자가 책임을 지셔야 한다는 것을 알려 드립니다.**
**Disclaimer: I am not responsible for any damage done using this tool. This tool should only be used for educational purposes and for penetration testing.**
{% endhint %}
### Description :
> While traveling through airports, we usually don't give a second thought about why our boarding passes are scanned at various places. After all, it's all for the sake of passengers' security. Or is it? The fact that boarding pass security is broken has been proven many times by researchers who easily crafted their passes, effectively bypassing not just ‘passenger only’ screening, but also no-fly lists. Since then, not only security problems have not been solved, but boarding passes have become almost entirely bar-coded. And they are increasingly often checked by machines rather than humans. Effectively, we're dealing with simple unencrypted strings of characters containing all the information needed to decide on our eligibility for fast lane access, duty-free shopping, and more...
>
> With a set of easily available tools, boarding pass hacking is easier than ever, and the checks are mostly a security theater. In my talk, I will discuss in depth how the boarding pass information is created, encoded and validated. I will demonstrate how easy it is to craft own boarding pass that works perfectly at most checkpoints (and explain why it doesn't work at other ones).
>
> I will also discuss IATA recommendations, security measures implemented in boarding passes (such as digital signatures) and their (in)effectiveness, as well as responses I got from different institutions involved in handling boarding passes. There will be some fun, as well as some serious questions that I don't necessarily have good answers to.
>
> Przemek Jaroszewski is a member of CERT Polska (part of Research and Academic Computer Network in Poland) since 2001, where his current position is the head of incident response. He started his education as a programmer at Warsaw University of Technology, to eventually get his master's degree in Social Psychology from University of Social Sciences and Humanities in Warsaw. A frequent flyer in both professional and private lives, and a big aviation enthusiast - using every opportunity to learn about everything from inner workings of airports, airlines, ATC etc. to life-hacking of loyalty programs.
{% embed url="" %}
시연 영상
{% endembed %}
{% hint style="info" %}
**2022년 NHN Cloud ****무료**** 교육일정** :
{% endhint %}
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://sec.skill.or.kr/defcon/defcon24-1.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.