Luggage Tag Code Unlocks Your Flights, Identity to Hackers
Booking a flight has become a simple process thanks to the Internet, and once you have flights secured you can relax, right? Well, for the most part that’s true. Your seats are yours, as long as a hacker doesn’t decide to stop you flying, which turns out to be very easy to do.
Karstein Nohl and Nemanja Nikodejevic from German security company Security Research Labs have revealed how poorly the travel booking systems we all rely on are protected. In fact, the three largest Global Distributed Systems (GDS) handling flight reservations for travel worldwide are open to abuse in several ways.
Amadeus, Sabre, and Travelport are the three systems that handle over 90 percent of flight reservations. According to the researchers, these systems date back to the 70s and 80s and have only been integrated with the more modern web infrastructure rather than replaced completely. What this means is, authentication on the system is very weak due to it being decades old.
Each traveler on a GDS is identified by a six digit code which is also the booking code (known as a PNR Locator). That ID is printed on boarding passes and luggage tags, meaning anyone near your luggage or who views your pass can see it and easily snap a shot of it with their smartphone.
