PassBook allows you to create fake but valid boarding passes

A group of Greek students claims to have found a flaw in Passbook that would allow false boarding passes to be generated for any European airline, making "free flying" possible.

"Taking advantage of PassBook to fly for free"

This is the title of the presentation that a group of computer science students at the University of Crete in Greece is preparing for a hacker conference to be held next month.

Anthony Hariton, a spokesman for the group, confirms that it is possible to generate false but valid boarding passes thanks to a flaw in Passbook, the Apple application that lets users carry loyalty cards, event tickets and even flight boarding passes on the iPhone.

Boarding passes in PassBook


According to this student, the process is relatively simple and would not require an "expert profile". Everything indicates that the root of the problem lies in the generation of the QR codes, which does not depend on Apple, although it could also be a security flaw in the app itself, which could cause problems for Cupertino with the third parties that have integrated Passbook into their sales systems.

For now, pending the announced presentation, the group has not confirmed anything further, although it is suspected that they may have put their discovery into practice to verify it, since their spokesman says that, in addition to tricking Passbook, one needs "a good poker face and nerves of steel", along with what he calls "social engineering and some other tactic", to complete the entire process.

SOURCE: MovilZona

