It sounds way too good to be true. “One Weird Trick Can Get You Into Any Airline Lounge You Want!” But as Wired reports, one ethical hacker did actually find a simple way to trick the computer systems used by airline lounges across the world.
The security flaw was discovered by Przemek Jaroszewski, the head of Poland’s Computer Emergency Response Team. He discovered that lounge access is coded into the QR code of an electronic boarding pass, but not verified by any central database.
So, he did what any bored hacker would do: wrote an Android app that creates a fake, but perfectly scanning boarding pass, which would guarantee him access to any airport lounge. According to Wired, he used the app “dozens of times” to enter lounges all over Europe.
The hack hasn’t been tested in North America, so it’s possible that it would be defeated by more stringent checks. The TSA told Wired that lounge security is the responsibility of the airlines, and is nothing to do with the more general security apparatus. That indicates that Jaroszewski’s fake boarding pass wouldn’t get you onto a plane.
This isn’t the first time airline security has been questioned over fake boarding passes. Researchers have time and again proven that the barcodes on boarding passes aren’t as secure as they seem. Although gaining access to a lounge isn’t quite the same as attacking a plane, it’s still a bad mark for the airlines (not to mention, a useful workaround for clever travelers).