But not for Przemek Jaroszewski. Jaroszewski, head of Poland’s Computer Emergency Response Team and a frequent flyer with gold status uses a custom Android app that gives a boarding pass-tricking QR code, which allows him access to the first class lounge. So, how did he do it? It all started when he was not able to gain access at Warsaw’s airport due to an error with an automated boarding pass reader. Like any innovative hacker, Jaroszewski created a simple Android app that generates a valid QR code based on fake credentials he enters.
Jaroszewski’s tried and tested solution has worked several times in most of the swankiest lounge in Europe, where this method works every time without any hiccups. The only this he needs is to create a QR code using a fake name, his destination, his flight number, and his class, which apparently always needs to be higher than coach. The reason that this trick works is because the automated readers at many of the airport lounges don’t cross-verify the information provided by the fake QR. It only confirms if the flight number is genuine. This evident security error not only provides access to these restricted lounges, but it also allows someone to make duty-free purchases without the added expense of an actual plane ticket. If Jaroszewski planned to release the hack app to the public, it would possibly allow hackers with economy class tickets to gain access to first class lounges. Regrettably, he has no plans of doing so. However, he says it could be “very easy” for hackers interested in recreating the app, which he says was made up of about 500 lines of Javascript. A hacker who has interest in coding and not afraid of illegal intruding may just be able to crack it and enjoy the airport lounge facilities of the global frequent-flying elite. Source: WIRED