Ever gazed longingly at the door of an airline business class lounge when you were only carrying a pathetic economy-class ticket? Polish computer security expert Przemek Jaroszewski has—and he hacked his way past the velvet ropes.
Jaroszewski, a frequent flier, figured out that most airport lounges don’t actually cross-reference passengers with actual bookings. They merely scan codes printed on tickets. So he created a simple Android app for his personal phone that can generate a QR code that encodes a false name (he used “Bartholomew Simpson,” nudge nudge) but bears a real flight number with an executive-level class code.
That fake code can be scanned by receptionists to gain entry to frequent flyer lounges, where he can read all the free newspapers he wants. It’s also possible to make multiple duty free purchases using the spoofed code, because shop registers don’t cross-reference with actual bookings, either.
Jaroszewski, who divulged his discovery at a hacker convention in Las Vegas last week, swears his hack was merely an exercise—he has only tried it in Europe and he claims he’s not making his app available to the public.
The two things it can't be used for are security checkpoints and boarding, because those do require a confirmed reservation—but Jaroszewski warns that would be possible with a little more hacking.
“Boarding passes have become almost entirely bar-coded,” he writes. “And they are increasingly often checked by machines rather than humans.” Until that’s fixed, anyone can fake their way into an airline frequent flyer lounge—and no tiny bottle of liquor or half-eaten bowl of stale pretzels will be safe.
