Bruce Schneier’s latest piece in Wired:
Last week Christopher Soghoian created a Fake Boarding Pass Generator website, allowing anyone to create a fake Northwest Airlines boarding pass: any name, airport, date, flight.
This action got him visited by the FBI, who later came back, smashed open his front door, and seized his computers and other belongings. It resulted in calls for his arrest — the most visible by Rep. Edward Markey (D-Massachusetts) — who has since recanted. And it’s gotten him more publicity than he ever dreamed of.
All for demonstrating a known and obvious vulnerability in airport security involving boarding passes and IDs.
This vulnerability is nothing new. There was an article on CSOonline from February 2006. There was an article on Slate from February 2005. Sen. Chuck Schumer spoke about it as well. I wrote about it in the August 2003 issue of Crypto-Gram. It’s possible I was the first person to publish it, but I certainly wasn’t the first person to think of it.
It’s kind of obvious, really. If you can make a fake boarding pass, you can get through airport security with it. Big deal; we know.