When was the last time you took a flight to someplace and back and then carelessly threw your boarding pass into the bin without even thinking twice? Well if you regularly follow this habit, then you will be concerned to know that every boarding pass contains a barcode that holds a lot of personal information about you and your trip. So if a hacker gets his hands on that boarding pass somehow, he can easily use that information to gain your personal details and subsequently misuse them.
What is a barcoded boarding pass?
A Bar-Coded Boarding Pass (BCBP) is the standard for printing and scanning customer boarding passes, and it is commonly used by more than 200 airline operators around the world. The 2-D barcode can be printed on paper or can be sent to a smartphone, which is then scanned by the airport authorities to validate customers before they board a flight. Since 2010, all boarding passes have been required to be barcoded by law.
So what information does a barcoded boarding pass contain?
According to security researchers around the world, the barcode on a boarding pass definitely contains all the information that is handwritten on the pass itself. In addition to that, it also contains the customer’s frequent flier number and the record key for the flight that the customer took.
How can this information be hacked or misused?
While taken in isolation, this information cannot pose much danger to an individual. But if an experience hacker or malicious person gets his hands on this data, he can easily use it to hack into the account of the flier and then subsequently gain access into other personal accounts as well. A well-versed hacker just needs one entry point and can then cause maximum damage in a chain reaction. Through the details on the barcode, the attackers ultimately can get access to the fliers:
- Phone number
- Email address
- Frequent flier number
- Information about all future flights from that account
- Linked access to email accounts
- Linked access to card details or financial accounts
- Ability to perform social engineering with the information available
So while the information that can be gained from a boarding pass and barcode is not that dangerous at first glance, it can be misused by an experienced hacker and malicious party to cause further damage and get access to other accounts. So the best way to dispose the boarding pass after flying is to either shred it, burn it or at least tear the barcode section into small pieces so that they cannot be pasted together. You can read more about this here and here.
Some other common tips for travelers and frequent fliers are as below:
- When your smartphone is on a roaming network, data usage can increase drastically. So keep your roaming data off and only use apps and services on Wi-Fi.
- If you are connecting to a free Wi-Fi network, don’t make any financial transactions or login to personal accounts. Use the network only for browsing.
- Additionally, you can also use the VPN feature of your phone to encrypt the data on it while connected to such networks.
- Make sure your phone has a screen lock enabled, in case someone else gets their hands on it.
- Enable anti-theft features in case you lose your phone while traveling. You can use Google features, your phone’s in-built features or the features of security software for this purpose.
- Use cloud storage services to save your pictures and memories in case you lose your phone without notice.
- Keep email alerts and SMS notifications switched on for your credit/debit cards.
- Lastly, inform your bank that you are traveling so that they can also keep an eye on your account information and notify you in case of any discrepancies.