15 Responses

  1. amejr999
    amejr999 23 October 2012 at 7:56 pm |

    It’s definitely not encrypted (I scanned an AA boarding pass from a few weeks ago and read it). But I’m pretty sure it was signed.

  2. glenn
    glenn 23 October 2012 at 8:06 pm |

    At least the military members using Pre-Check are using defacto encryption since they must present thier Common Access Card (CAC) card and TSA scans it with DoD before letting the person through.

  3. Ron
    Ron 23 October 2012 at 8:26 pm |

    The best question to ask is whether or not info from the BP is compared with Secure Flight data when scanned? More generally, are the scanners at checkpoints connected to a network? If they are, then it doesnt matter much that the QR code is signed/encrypted etc since it is just a PNR locator to an actual database at TSA (fed by airlines).

  4. jackal
    jackal 23 October 2012 at 9:12 pm |

    Ron, it isn’t. There is no real-time link between the readers at the checkpoints and any centralized database.

  5. Andrew
    Andrew 24 October 2012 at 6:23 am |

    Selfishly, I hope they don’t go and shut down TSA pre-check lanes until they figure this out…

  6. How the TSA has, again, failed on simple technology | WTF RLY REPORT

    [...] 25, 2012 The Wandering Aramean The last time the TSA got this much press for screwing up a basic technology task it was because [...]

  7. Pizzainmotion
    Pizzainmotion 25 October 2012 at 7:13 am |

    The (good?) news here is that this is fairly easy to rectify. I’ll be curious to see how long it takes TSA to fix. Count me in the camp of those that hopes they don’t close down Pre-Check while they figure it out. I just got it at my home airport (IAD) and don’t want to go back to the old checkpoints underground.

  8. News & Notes For Thursday, October 25th « Pizza In Motion

    [...] The TSA kinda screwed up in a pretty meaningful way in terms of randomizing security.  Wandering Aramean details how they could have avoided the problem. [...]

  9. Confirmation of the gaping hole in TSA Pre✓ - The Wandering Aramean

    [...] couple weeks ago the discussion about TSA and their flawed implementation of the PreCheck program was all about how passengers could potentially see whether they were [...]

  10. The Weekly Flyer
    The Weekly Flyer 5 November 2012 at 4:38 pm |

    WTF, have they even responded about this finding?

  11. TSA Boarding Pass Integrity Called Into Question | EazyBookings.com

    [...] potential issue with the data is that many boarding passes have no digital signature or other security information embedded in them. This leaves them ripe for alteration or forgery. The Washington Post recently confirmed that [...]

  12. TSA Boarding Pass Integrity Called Into Question | TravelBestRates

    [...] potential issue with the data is that many boarding passes have no digital signature or other security information embedded in them. This leaves them ripe for alteration or forgery. The Washington Post recently confirmed that [...]

  13. TSA Boarding Pass Integrity Called Into Question | Lombok Beach Hotel

    [...] potential issue with the data is that many boarding passes have no digital signature or other security information embedded in them. This leaves them ripe for alteration or forgery. The Washington Post recently confirmed that [...]

Comments are closed.