Boarding passes with unencrypted barcodes could reveal PreCheck tipoff

An aviation enthusiast has detailed a potential security vulnerability involving the barcodes found on flight boarding passes. Currently, the barcodes are unencrypted, allowing anyone with a scanner to read the details of a given flight, such as passenger information and destination. The most troubling aspect is that those looking at the information are also able to determine whether they’ve been selected to pass through the controversial full body scanners.

In his blog post, John Butler describes how the final number on a scanned boarding pass indicates the eligibility for the TSA’s PreCheck program. One beep after a scan, for instance, means there’s no PreCheck and that the passenger will have to pass through a scanner, while three beeps confirms PreCheck status. Ultimately, it’s feasible that anyone armed with the information could alter the “one” to a “three” and modify the boarding pass accordingly, especially since the TSA barcode scanners don’t check against real time information.