Click to Skip Ad
Closing in...

Hacker uses fake boarding pass to get into every airline lounge for free

Published Aug 5th, 2016 2:40PM EDT
Airport Lounge Access Hack
Image: Shutterstock

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

It sounds way too good to be true. “One Weird Trick Can Get You Into Any Airline Lounge You Want!” But as Wired reports, one ethical hacker did actually find a simple way to trick the computer systems used by airline lounges across the world.

The security flaw was discovered by Przemek Jaroszewski, the head of Poland’s Computer Emergency Response Team. He discovered that lounge access is coded into the QR code of an electronic boarding pass, but not verified by any central database.

DON’T MISS: Watch out for a Walmart phishing scam, coming soon

So, he did what any bored hacker would do: wrote an Android app that creates a fake, but perfectly scanning boarding pass, which would guarantee him access to any airport lounge. According to Wired, he used the app “dozens of times” to enter lounges all over Europe.

The hack hasn’t been tested in North America, so it’s possible that it would be defeated by more stringent checks. The TSA told Wired that lounge security is the responsibility of the airlines, and is nothing to do with the more general security apparatus. That indicates that Jaroszewski’s fake boarding pass wouldn’t get you onto a plane.

This isn’t the first time airline security has been questioned over fake boarding passes. Researchers have time and again proven that the barcodes on boarding passes aren’t as secure as they seem. Although gaining access to a lounge isn’t quite the same as attacking a plane, it’s still a bad mark for the airlines (not to mention, a useful workaround for clever travelers).

Chris Mills
Chris Mills News Editor

Chris Mills has been a news editor and writer for over 15 years, starting at Future Publishing, Gawker Media, and then BGR. He studied at McGill University in Quebec, Canada.