Support Skift’s Independent JournalismMake a Contribution Now
The Washington Post was alerted to the vulnerabilities by concerned passengers and verified them through independent security experts. At the request of U.S. officials, The Post is withholding details that would make it easier for the vulnerabilities to be exploited.
The security gaps center on airline boarding passes, which can be issued up to 24 hours before a flight’s departure. According to security researchers, the bar codes on those passes can be manipulated with widely available technology to change the information they contain: passenger identification, flight data, and codes indicating whether a passenger has qualified for expedited screening.