So, good morning, everyone. Hope you're enjoying DEF CON so far. Happy to see so many people early in the morning on the last day. So, hope I won't get you asleep. Let's start with it. Okay, so... A bit of introduction. I'm the head of the national Polish CSIRT, so that's Computer Security Incident Response Team. That's my job, but this research is not related to the job in any way. So, just a disclaimer, that's my research and not necessarily all opinions are shared by my employer. My background is a programmer, but that was a long time ago. I eventually got a degree in social psychology. That's not social engineering, that's related, but I got it. I don't think they give degrees in social engineering yet. And I have 15 years of experience in IT security. I also love everything about, you know, flying and aviation. I almost became an air traffic controller trainee at some moment. And I love to learn how systems work, you know, how everything is going on in the background. So, also, because I tend to fly, I fly a lot, both privately and because of my employer, I enjoy some benefits for frequent flyers. And I have some kind of disregard for frequent flyers. They don't have any real value to me anymore, but I still enjoy the privileges, like lounge access or fast track access. They really save you time and give you some comfort at the airports. Except when somebody tries to fix the problem, when the problem doesn't really exist. So about a year ago, my home airport in Warsaw introduced these automatic self-service gates, which were supposed to speed things up. Because instead of, you know, waving your boarding pass in front of a person, have them scanning it, you just use a scanner and the gates let you in. The only problem was with the fast track, it didn't read my status properly. So it would let in all the business class passengers, but I tend to travel on economy, and I only get the fast track access because I have this gold status. 
So it wouldn't read the status properly. So I would have to go to the guy anyway, show him my boarding pass, make him come to the gate, scan my boarding pass like two or three times. Like, you know, it's kind of counterproductive. Like, you know, it wastes about 30 seconds of my precious time, and the guy probably has better things to do. So like, let's see if I can fix things. So let's rewind a little bit. What are we talking about? As you probably noticed for the past 10 years or so, you get this little barcode on your boarding pass. Whether it's mobile, it's on paper, you still get a nice 2D barcode on your boarding pass. And that was interesting. It was introduced in 2005 by IATA, which is International Air Traffic Association, if I get it properly, resolution. Number 792. It introduces something called barcoded boarding pass standard, which is adapted by all airlines, airports, everybody who deals with boarding passes, they have to obey to that standard. And... So you get four different kinds of barcodes, which can be used. When you have a paper boarding pass, it must always be PDF 417, which is the nice rectangle one, the white one. If it's on mobile, it should be one of the square ones. So it's QR code, which you probably know about, and the Aztec and data matrix, which we have examples of down here. So... You know, I got... on Google Play, started looking for barcode scanners to make my life easier, and fairly enough, you get, like, dozens of them. So the two in the middle, barcode scanner by GeeksLab and Manatee, would become my two favorites. But you get a wide choice. So with freely available tools, you can see what's inside. And this is pretty much what the boarding pass looks like when it's encoded in BCBP. So it's just a bunch of characters. And sort of by trial and error, I started figuring out, like, okay, if it doesn't read the... my frequent flyer status properly, so probably I need to adjust the booking class, right? 
I need to say I'm in business, and if that's what it reads, then let's see if it will let me in. So the other tool I would need would be a boarding pass generator, and fairly enough, there's also a bunch of them on Google Play Store, and I'm pretty sure on Apple Store as well. So like I said, first by trial and error, I figured out, like, this would be the travel class character. If you fly a little bit, you... kind of get used to these letters, like M would be for economy, or Y would be for economy, C would be for business, things like that. And you also can pretty clearly see some things standing out, like first name, last name, origin airport, departure airport, sorry, departure airport, destination airport, flight number, so some things you can make up just by looking at the clear text characters. So let's see if I switch this little character to C. And mysteriously, it worked. It would let me in. So, fine, I saved 30 seconds of my time every time I traveled through the fast track. So it's free fast track for all travelers. Neat, but what else can we get? If this is not verified, what else is not verified? What else can I play with? Anyway, I started changing different things, you know, first name, last name. Fairly enough, lets you in. So then I was like, okay, so if there's one thing that can be verified easily, it's the booking code, right? Because that can be looked up in the reservation system, and maybe that could be matched to your boarding pass, and, well, they could at least know whether you're traveling or not, whether the reservation is there or not, or somebody, you know, just making up things. So let's go ahead and change this. And it would also let me in. So now I'm getting really confused. So what we are getting here is now airport access for all, pretty much, right? And just a bit of explanation. That was in Warsaw. I tested it in a number of different airports. In the U.S., it would work a bit differently, which I will come back to in a minute. 
But this works in a lot of airports. It's not something specific to Warsaw or, you know, just one or two airports. And we will come back to why that is. So it's not just fast-track access. It's, you know, airport access for all. And, yeah, I felt like, you know, it was like millions of travelers per day. Like, how come nobody noticed it, that somebody had to spill this out already? And, yeah, this is not entirely news. So back in 2003, Bruce Schneier already noticed when the concept of print your own boarding pass was introduced, even before the bar-coded boarding pass was there, that you can spoof a boarding pass, and with this, you could also circumvent the no-fly-list checks in the U.S. That was 2003. Until 2007, this was not fixed in any way. And November 2006, Chris Soghoian put up a web page where anybody could produce a fake, I think it was Southwest boarding pass, and he got into a lot of trouble for that. So he got pretty much FBI-raided at his home. You know, he got a nice letter from TSA saying, like, you are violating these and these laws, don't do it, please. There's also two articles from 2008 and 2011, which were done jointly with Bruce Schneier. They also touch a bit on physical security. I totally recommend going and reading them. It's very entertaining. And in 2012, John Butler also wrote an article on how you could possibly figure out whether you are pre-check eligible or actually make yourself pre-check eligible. Most of the technical stuff he got wrong in the article, but anyway, the idea was kind of cool. And he, you know, made some things right at least. So how did the no-fly-list bypass work back in 2003? So you would have to buy tickets under a false name, because when you are buying the tickets, your name gets, you know, matched against the no-fly-list. Then you print your boarding pass at home. So this is one point where things get checked. So your name against the no-fly-list. 
Then you create a copy of the boarding pass and put your real name on it, which is on the no-fly-list, but we'll come to that. Then you present the fake boarding pass to the TSA officer along with your ID. And the problem here is that TSA officers did not have access to the reservation system, so they only validated the boarding pass against your ID. So, you know, it's a fake boarding pass, but the name matches with your ID. You're good to go. And then when you actually board the plane, you discard the fake boarding pass, you produce your original boarding pass again, which matches the reservation system. And you can fly. So that was in 2003. And, like I said, it was the same thing described in 2006 and 2007. It got a bit improved since then, and we'll come to that. So this is the letter. I don't know if you can see it, but it's easy to Google it up. It's the letter that Mr. Soghoian got for revealing this letter and making up this fake boarding pass creator. So how does bypassing no-fly-list work in 2016 in Europe? So you basically buy tickets under a false name, then you go to the airport and fly. So... not exactly an improvement. Why is that? First of all, there's like two impacting factors. One is that some airlines are more business-conscious than the other, so they actually check your ID when you are boarding. But again, this is not the airport thing, it's the airline thing. And why the airlines do it is because of protecting their business. So you just don't buy cheap tickets and then resell them to somebody else. It's only for that reason. And it's mostly low-cost airlines which will check your IDs. Regular airlines almost never check your IDs in Europe. And ID checks at the security checkpoints have been abandoned like two or three years ago. When you are traveling domestically, but not only domestically, because of Schengen area, which I don't know how many of you know what it is, but it's like 26 countries in Europe. It's not the same as European Union. 
It's 26 countries in Europe which agreed to abandon border checks. So you only have increased border checks around the Schengen area and a lot of information exchange between the countries on immigration. But there's no checks within the area. So you can freely roam. We don't need to follow the border checkpoints. You can just hike in the mountains or whatever. And when traveling within the Schengen zone, and it was officially asked to the governments, etc., why there's no ID controls at the airport. There's no reason to do it. Security is provided by physical security screening. Fair enough. Okay. So let's go back a bit. Turns out I didn't need to be reverse engineering this boarding pass format. It's all public. This IATA resolution is all public. You can just go and download it. And this is the part which is mandatory for the boarding pass. So it's 60 characters. And you get things like first name, last name. You get the compartment code, which is the travel class. Can anybody spot a problem here? This is all that is mandatory. Nothing else is mandatory. So I'm gonna help you here. There's absolutely no integrity checks and no authentication provided. It's just 60 characters. And they're as good as you provide them. And just to be fair, this is the full specification. And there's a bunch of optional items. And one of them at the bottom is the security part. Where you can provide something called security. This is what they call a certificate, which is basically a digital signature for the boarding pass. So it can be included, but it's optional. And we will come back to that. So the other way to verify it, like I said, would be to look up the booking number in the reservation system. So let's see. Where is this passenger data stored? Where could it be looked up? 
So basically, it's stored in something called computer reservation systems, which store your data in a format of passenger name records, which include lots of data, including lots of private data, which is not only your first name and last name, address, email address, but also things like special requests, which means whether you need special assistance, like a wheelchair or something, whether you have special dietary requirements, which could tell you, like, whether you're Muslim or Jewish or things like that, and loyalty programs data, et cetera. And also, if you provided contacts for your precious ones in case of emergency, it would also end up there. So this is one of the problems. There's a lot of private information, which is not, you know, allowed to be shared between different parties. The other problem is there's a lot of computer reservation systems out there. Like, there's a single reservation system for all. So it's not you just go and look up the data by the PNR code, and you will pull out whatever you need. You need to know where to look for it. And there are a number of global distribution systems, which are, like, huge CRSs used by multiple airlines. Most famous ones are, like, Sabre and Amadeus and Galileo and WorldSpan. But there's also a lot of proprietary ones, which are used by small airlines. They don't pay the fees to big systems. They just run their own. And as long as it works for them, it's fine. You know, basically, the only place where you need to look up this information is when you buy your tickets, when you check in, and when you're boarding the plane. So normally, airports don't have access to this data. Also, to make things more confusing and complicated, when you make a single reservation, it may end up with bits of information scattered around different reservation systems. So when I made the reservation for my flight here, I had a couple of flights code-shared with Polish airlines. 
You know, the reservation was with United, which is using a different reservation system than a lot of Polish airlines. So at least two reservation systems would be involved. And if I was making that reservation through a travel agency, which is using a third reservation system, that would be at least three PNRs in three reservation systems. And, you know, that's kind of confusing. And data access is not a problem. It's not only limited across, you know, different reservation systems, but not everybody, like I said, because of privacy reasons, has access to the same pieces of information in the system. And, yeah, a note of advice. The barcode will usually have more information than is just in clear print. And if you use that information, you can access the reservations, you can access a lot of this private data online, and you can even make some changes, like canceling tickets or modifying your itinerary. So just don't post anything without making sure it's anonymized or blurred or something. And this is one of the examples, which is kind of ridiculous, because, like I said, everybody can go. If you know which CRS system is used by the airline, everybody can go to the website. If you have this PNR locator, which is also known as booking code or reference reservation number, you put it in, and then you put the passenger's name in, and you get most of this data. At least you can see whether the reservation is there or not, but airports are not allowed to do so. And from the reservation system, the data is then moved into a couple of other systems. One of them would be departure control system, which is basically the system which is used after you check in to make sure that only the checked-in passengers get on board. It also stores your seat assignments, baggage information, et cetera. There's also a thing called API advanced passenger information. Not advanced. 
Advanced passenger information, which is sent to border agencies of several dozens of countries which require that. So it will let them know who is coming to their country, and they can do some pre-screening and tell the airlines, like, this guy needs some additional security before he boards the plane. There's also PNRgov, which is not exactly another system. It's just a message exchange format to exchange PNR information, so the passenger record information with the government agencies. It's not widely used, though, apart from sending advanced passenger information, which, again, has nothing to do with looking at the information at the airports. It's just for the border agencies. And there is secure flight program, which I will describe more in detail in a moment. So, okay. To make things easier for me, I put up a simple web page, and I hope I will be able to show it. Now, it's all JavaScript, so it works offline. And I found a nice JavaScript library for producing Aztec codes. So... Yeah, PNR doesn't matter, as I show you. Um... Whatever... And there you go. And, um... Wait, wait, wait. And I forgot to tell you, the only thing that actually needs to work is the flight number and the date. So the flight number actually gets matched against the list of flights that depart from the airport. Yeah, also the departure airport needs to match the departure airport configured with the gate. And the date needs to match. It can be also the next day, because, you know, sometimes you enter the airport and your flight is early in the morning. So it can be either of the two. Okay, with paper, it's just a bit less fun. So like I said, these automatic gates help things enormously, because you don't even have to deal with humans. Right? You don't have to produce anything which is even remotely, legitimately looking. It's just a barcode. But when you need a paper, it's no big deal. You just need to have this paper. So you need to edit the PDF probably. 
And I already have, you know, a couple of templates for the airlines I use. And by the way, Microsoft Word is a great PDF editing tool. Really, you can just open the PDF and it will, you know, convert it to a Word document and you can do all the editing you need. And just remember that, anyway, although people tend to look at the paper, they will have to scan the barcode anyway, so it should match the information that you have on the paper. So now let's get some fun, actually. You know, just getting to the airport is not much. So how about accessing lounges? So with contract lounges, just basically it's almost too easy, right? Because they have no way to access this private information. So they have no way to look up the passenger records. So, you know, they will gladly buy whatever you present. Just a bit of advice. It needs to be based on the travel class. Because if you present the gold card, you will be asked for the physical gold card. Also your data will be written down. And actually, even if you have the card, but for example the status expired or something, they actually have a way to look it up online. So there is apparently a system when you can look up the status card status and if it's valid and so on. So a bit trickier, it should be with the airline operated lounges, right? Because they are the airlines, they have access to passenger data, so they should be able to verify the status. And there is at least one airline which attempts to do it. It's Scandinavian Airlines. They also have these lounges which are, they will let you in with automatic gates. So I felt like this is easy and I travel through Copenhagen very often. So it gives you a lot of opportunities for trial and error. And then, yeah, they actually do and at least seem to do the checks on the reservation system. 
So whenever I tried to fiddle with like booking class, it would, or my status, it would just bounce me with a, it would always bounce with the same message like departure airport is not right or something like that. So, you know, a bit vague. But, you know, after it did so five times, I figured like it must have, it must be just one message for, you know, all kinds of errors. So anyway, they do some checking. Except, you know, there's another, there's a lot of other airlines which, the passengers of which are also eligible to use the lounge. Like SAS is in Star Alliance. And it's about, you know, 15 or 20 other airlines which are on Star Alliance. And when you are traveling on another carrier within the same alliance and you are traveling on business, you can still get into the lounge. And guess what? Not all airlines use the same reservation system. So all you need is to find a flight which is departing, you know, in a reasonable timeframe, operated by another carrier. Hopefully that one that uses another reservation system but it shouldn't be necessary. And produce a fake boarding pass for that carrier. And guess what? It worked. So I just used Brussels Airlines, which uses totally different reservation system. And I put up information in a boarding pass from that, for that flight. And it let me in. Also there's some airlines which don't do it properly. Specifically this one. It's the best airline in the world. According to many people. One in Istanbul. And it's operated by Turkish Airlines. And I thought, like, this is going to be hard. Because it's really 99% flights are operated by Turkish. From that airport on Star Alliance. So there are very few flights which are Star Alliance but not Turkish. So what am I going to do? Well, let's first try if they will let me in with, you know, just a random Turkish flight. And then I'll give you some data. So... I just looked up, you know, on the departure board, I looked up a random flight from Istanbul to London Gatwick. 
I like to use the name of Bartholomew Simpson. He was a good pranker. Prankster. Yeah, the date needs to match. And I need to warn you, I had the camera hidden in plain sight. So it was dangling from my shoulder bag. So this is the automatic gates. No need to talk to the dragon lady. And by the way, this is a full-sized cinema. Inside the lounge. Yeah. You don't need to be traveling, like I said. You can do the same to enter the airport. You will still go through security screening. So they will take all your liquids. But no need to worry here. And, you know, after Wired did an article on this. And they actually published this video. I got, you know, lots of requests, by the way. This one is from Israeli lawyer. Like, what's wrong with Israeli lawyers? Really, are they paid so bad that they can't afford lounge access? One other nice thing is you have duty-free shops at the airports. Right? And, again, you don't need to be traveling. And in many countries, it's not like in the U.S. So you don't get your seat back in the passenger seat. You just get it to go. And the eligibility for tax-free prices is determined on whether you are traveling inside the EU or outside the EU. So if it's inside the EU, it's... Domestic prices. So including tax. And if you're traveling outside the EU, you get this tax-free price. And here's the difference. So to convert it to you. It's one liter. I have no idea what it is in the U.S. But it's about 25 shots. And 20... And then... 25 zlotys is about... 7 dollars. So I think it's a good deal. So what do we get? It's airport access. So you can meet and greet your loved ones. Do some sightseeing. Fast track. Free lunch and booze. Duty-free shopping. Okay. Let's get to some serious stuff. Like how can it be prevented? And what is actually done to prevent it? So IATA has a nice section in... I think it's 80 pages or so document. But it's half a page section on fraud prevention. 
Which nicely identifies the risks associated with boarding by BCBP. So it can be modified. It can be forged. It can be duplicated. And pretty much all the mitigation they came up with is... Check that the passenger is on the passenger name list. And add a certificate. And like I said, by certificate, I really mean the digital signature. So let's see how the digital signature is doing. So it was introduced in 2009 by version 3 of the standard. And it's based on PKI. And one thing about PKI is it needs to be deployed properly. So you need to distribute the public keys. So it would have to be there at every checkpoint. You would have to maintain the CRLs. Et cetera, et cetera. And also, many airlines would still use... Version 1, which does not support digital signatures. So all the readers also need to support these old versions. And again, this field is optional. And this is quotation from the document. Optional and to be used only when required by the local security administration. So it's not even encouraged. Like it's only to be used when it's required. The specific algorithm is determined by the authority. And this was enforced by TSA to U.S. carriers. But not entirely. For example, when I was traveling here, I had my boarding card produced in Amsterdam. And it was printed neatly on United paper. But it had no digital signature. I will come to that. There's another thing which could be used. Which is a standard called BCBP XML. This is for transporting data between checkpoints and the airline systems. So it's just the data format. Which is standardized by IATA. And it could be used to check the PNR data against the reservation systems with no private information getting transferred. So you just send whatever you scanned from PNR. And the airline would come up with the data. And the zero or one. So good to go or not good to go. Possibly with an explanation if it's not good to go with the reason. The problem again is the complexity. 
Many airports are serving like more than 200 airlines. And they would have to connect to each of their reservation systems. Right? And if they don't connect to 10 out of 200, you still have a way to produce a fake boarding pass pretty much. If you don't cover 100%, you still get a loophole. So just the complexity of the solution probably is the reason why it doesn't really work. And I haven't seen it deployed anywhere. And there's also one thing that TSA seems to be doing right. At least starting from 2018. 2013. So Secure Flight is a program that they've implemented in 2009. And the reason for the program was to take over the monitoring of watch lists. So the no-fly lists and the secondary screening lists from the airlines to the TSA authorities. So instead of relying on airlines, they said like, no, no, no. We need this information. And we will do the verification. Also part of the Secure Flight is the TSA pre-check program introduced in 2011. So you get this nice BCBP field specifically for this reason. Which is called selectee indicator. Which tells you whether you are like selected for the secondary screening. Or whether you're eligible for pre-check. Or whether you're just traveling as usual. And in 2013, TSA started networking their devices. The scanning devices. To pull passenger data from this Secure Flight. And it includes passengers full name, gender, date of birth, screening status, reservation number, flight itinerary. So it can be verified if it's deployed at all the airports. I'm not sure about that. It can be verified at the screening checkpoint. And if it doesn't match exactly, you know, they have like a nice list of suggestions. Like this passenger's name is close enough. You know, maybe it's one of these. So technically they have a way to do it now. Again, whether it's deployed properly and how many airports support it, I'm not sure. It just started in 2013. And generally it's a correct way to do it probably. And okay. Why is DEF CON awesome? 
I thought I had my presentation, you know, all fixed and done. And then on, I think it was Tuesday or Wednesday, I get contacted by Karl Koscher. Saying like, hey, I saw your talk on the agenda. And here's something that I got from eBay. And maybe you want to play with that. And it's something was. This beauty. ... like a limited number of parties, and this, this offer is no longer on eBay, unfortunately. It was, I think, 160 dollars, so not a big deal. So I had like two days to play with that, and I exchanged a couple of messages with Karl, and then here's how it works. So you see the booting. You see airport is dash dash dash, yeah, because departure airport is not configured. So it's, you know, we have some constraints. So let's try scanning any random boarding pass. So now when you go with any random old boarding pass, likely the departure airport is not dash dash dash, it's something else, and the date is probably not the same as on the boarding pass on the scanner, sorry, but it will work. ... have a valid signature. Let's see what it does. So it says invalid departure location, refer to counter. So it did not complain about the signature, but it did complain about the departure airport. So okay, so let's fix the departure airport. Sorry, again, this time with audio. ... Okay. So now the departure location was okay, date was okay, but the signature is invalid. And it says, refer to superior. So I don't know if you noticed, but it actually said that the SIG is not there. So it should go through some manual checking. The problem I see here is it still gives you a green light and one beep. So depending how vigilant the TSA agent is and how much noise to radio he has, he has a good chance of missing this. So yeah, let's try modifying the selectee indicator. 
So three beeps, green light, and you'll see the LLL. So you're eligible for pre-check. Or if you fancy, you can actually go for secondary screening. Yeah, SSS. Okay. So airport access is confirmed. Fast track is confirmed. Financier's booth is confirmed. Duty-free shopping is confirmed. Pre-check, I'm not sure, right? Nice idea to play with if you have balls. So now about responsible disclosure. I actually, I went out and I tried to talk about this problem to several authorities and airports and airlines because it's their problem eventually. And this is what came back. So first I contacted a lot of Polish airlines. They say like, no, we just issue boarding passes and it's the airport that verifies it. So I went to the airports. And in these two cases, I was lucky because I actually had known people on the management board, at the management board level. So I was able to talk to them in person. And the airport authority said like, yeah, it's a known issue, but it's not really a problem. We're, you know, you're following all the guidelines and laws. That's fine. Then the civil aviation authority, like it took them three or four months to reply. They said, all they had to say was like, boarding pass forgery is a crime. Don't do it. It's like, okay, according to my lawyer, or not exactly my lawyer, but the lawyer I know, is if you want to have a legitimate document, you need to have a way to verify it. It's not a document if you cannot verify it, if it doesn't bear any signature at all. It's not the exact wording they use, but it was pretty much the message. And this is also what I got from Turkish Airlines and SAS. You know, I'll comment here. And the question you might have is like, will it actually get me flying. And the short answer would be no. Like there would be very rare circumstances when you would be able to get on the plane, but you would be likely spotted before it even departs, and it would get you into a lot of trouble. So I don't recommend doing that. 
But you can still have a nice souvenir. And that's kind of a bonus. So one of the airports in Europe, and I will not name them because they actually had a, you know, they communicated very openly with me, and they said like, why, why it is, they confirmed, is because privacy. They decided to have like a loyalty program for the passenger, which makes sense, because the airport collects fees on every departing passenger, so they want to encourage traffic. So they have this, you know, list of gadgets that you can get for a certain number of points, and the points you get for every departing flight, and to register a departing flight, you need to scan your loyalty card and your boarding pass. Like, what can go wrong, right? So here's a simple equation. So I really liked the blanket in the middle. It would cost me 600 points, which is six flights, and you see five QR codes because I had, you know, one legit flight. Amazing, you know, it was. And the funny thing is that it was, you know, I even made it look sort of legit, because I produced the QR codes for the flights like over the next, over the next two days, and it could really fit into a story, like I was flying to Edinburgh and then going back in three hours, and I could make... So to wrap it up. It's the privacy, privacy and complexity of the system, which is preventing this exchange of data. And, you know, most important point, while the US did a reasonably good job preventing that, other places actually lowered the bar for us, especially with introducing the automatic gates. So here are the sources, and don't worry, because this is the link for the slides. And most of that will also be on the conference DVD. So thank you, I don't think we have time for questions, but I hope you liked it.
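The talk's two technical points, that the 60-character mandatory item of a BCBP barcode carries no integrity protection and that self-service gates only match the departure airport and the date, can be made concrete with a small parser and gate-side check. This is added example code, not from the talk, from IATA or from any airport; it assumes the public field offsets of the single-leg M-format item and the optional `^` security item, and the sample passes are constructed, not real bookings.

```python
"""Parse the IATA BCBP mandatory item and apply gate-side checks (example code)."""
import calendar
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Union

MANDATORY_LEN = 60  # length of the mandatory item of an M-format boarding pass


@dataclass
class BoardingPass:
    passenger_name: str
    pnr: str
    from_airport: str
    to_airport: str
    carrier: str
    flight_number: str
    day_of_year: int      # Julian day; the barcode carries no year
    compartment: str      # travel class letter, e.g. Y or C
    signed: bool          # True if a '^' security item is present
    security_data: Optional[str] = None


def parse_bcbp(raw: str) -> BoardingPass:
    """Parse a single-leg M-format BCBP string using the public field offsets.

    Nothing in the mandatory item is authenticated; every field is plain text
    chosen by whoever rendered the barcode. Only the optional security item
    that follows the conditional data can tie the fields to an issuer.
    """
    if len(raw) < MANDATORY_LEN or raw[0] != "M":
        raise ValueError("not an M-format BCBP string")
    if int(raw[1]) != 1:
        raise ValueError("this example handles single-leg passes only")
    cond_size = int(raw[58:60], 16)          # hex size of the conditional data
    tail = raw[MANDATORY_LEN + cond_size:]    # security item, if any, starts here
    signed = tail.startswith("^")
    sec_data = None
    if signed:                                # '^', type (1), hex length (2), data
        sec_len = int(tail[2:4], 16)
        sec_data = tail[4:4 + sec_len]
        if len(sec_data) != sec_len:
            raise ValueError("truncated security item")
    return BoardingPass(
        passenger_name=raw[2:22].rstrip(),
        pnr=raw[23:30].strip(),
        from_airport=raw[30:33],
        to_airport=raw[33:36],
        carrier=raw[36:39].strip(),
        flight_number=raw[39:44].strip(),
        day_of_year=int(raw[44:47]),
        compartment=raw[47],
        signed=signed,
        security_data=sec_data,
    )


def _as_date(d: Union[date, str]) -> date:
    return d if isinstance(d, date) else date.fromisoformat(d)


def flight_date(day_of_year: int, today: Union[date, str]) -> Optional[date]:
    """Resolve a Julian day to the calendar date nearest to today (handles New Year)."""
    today = _as_date(today)
    best = None
    for year in (today.year - 1, today.year, today.year + 1):
        if not 1 <= day_of_year <= (366 if calendar.isleap(year) else 365):
            continue
        cand = date(year, 1, 1) + timedelta(days=day_of_year - 1)
        if best is None or abs((cand - today).days) < abs((best - today).days):
            best = cand
    return best


def gate_check(raw: str, gate_airport: str, today: Union[date, str]) -> List[str]:
    """Return the reasons to refer the passenger to a counter (empty list = pass).

    The first two checks are the ones the talk observed at self-service gates
    (departure airport, date today or tomorrow). The third is the one a defender
    wants: an unsigned pass cannot be verified from the barcode alone, so it
    should be a hard refer, not a green light with a warning tone. Verifying a
    present signature needs the issuing authority's public key; out of scope here.
    """
    today = _as_date(today)
    bp = parse_bcbp(raw)
    reasons = []
    if bp.from_airport != gate_airport:
        reasons.append("departure location does not match gate")
    fd = flight_date(bp.day_of_year, today)
    if fd is None or fd not in (today, today + timedelta(days=1)):
        reasons.append("flight date outside the today/tomorrow window")
    if not bp.signed:
        reasons.append("no security item: name, PNR and class are unverifiable")
    return reasons


# Constructed sample (hypothetical booking): mandatory item is exactly 60 chars,
# conditional size "00", so a security item would start right at offset 60.
UNSIGNED_PASS = "M1SIMPSON/BARTHOLOMEW EABC123 WAWCPHSK 0760 215Y012A0001 100"
# Same pass with a placeholder 16-character security item ('^', type 1, hex len 10).
SIGNED_PASS = UNSIGNED_PASS + "^110QUJDREVGR0hJSktM"
```

Run `gate_check(UNSIGNED_PASS, "WAW", "2016-08-02")` to see that a pass matching the gate's airport and date still gets referred solely because the security item is absent.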