more on who cares re web

[David Farber <dave () farber net>]

Begin forwarded message:

From: Brad Templeton <btm () templetons com>
Date: October 30, 2006 1:09:39 PM EST
To: David Farber <dave () farber net>
Cc: ip () v2 listbox com
Subject: Re: [IP] who cares re web

On Sun, Oct 29, 2006 at 06:38:35PM -0500, David Farber wrote:
> "I am no expert here so I don't want to be commenting on this
> publicly, but what is the big deal here?  The major security problem
> relates to keeping baddies and their weapons off the planes.
>
> The authorities have decided to AUGMENT that crucial protection by
> limiting the folks who can get access to the boarding areas of the
> airport to those who are actually flying (unless of course you are an
> adult m,eeting a minor child, or an employee of a restaurant or store
> in there, etc).  So, everybody goes through the screening to make
> sure they are not carrying stuff into the boarding areas that could
> cause a problem when if those materials get onto planes, and the
> showing here is not that THAT screening is ineffective, but only that
> there is a way around the means of limiting WHO can come into the
> boarding areas.  But that is the lesser of the problems, no?"

No, the flaw in question is a flaw in the entire "no-fly-list" concept,
because it allows you to get on a plane almost no matter what your name
is.    You can cross the TSA checkpoint with a boarding pass that
matches your authentic ID.   The name on your authentic ID is checked
only to see if it matches the boarding pass, which is just a piece
of paper you printed which says anything.

Then you board the aircraft with the real boarding pass issued by
the airline, which is in the name of somebody else -- somebody not
on the no-fly list.

This also bypasses the "selectee" system since you can do all the
behaviours that make you a selectee, and then use a fake boarding pass
through security without the SSSS on it.

Finally, this bypasses the airline's "don't transfer your ticket"
restriction that they use to make money.   You can buy a ticket,
and then if you wanted to give it to somebody with a different
name, they just print up a boarding pass with their name for the
TSA, and use your boarding pass to fly.  Since this apparently
is a violation of the law, it may be a risky thing to save some bucks.
(You also earn the flyer miles which some people care about.)

Frankly, if I were a "David Nelson" or one of the other innocents
stuck on the no-fly-list, I would have considered using this appraoch.

Many people, myself included, saw this hole immediately.  Some talked
about it.  I figured after a while they would take away the convenience
of print at home boarding passes, but the truth is that boarding
passes issued at the airport are not particularly hard to forge with
modern colour printers.   They are just slightly thicker pieces of
paper.

Some airports do have a counter-measure against this attack.  The
TSA ID-checker will place a stamp or small initial on the pass
after checking it.   The gate agents in theory are checking for
this stamp.   However, unless the stamp changes regularly it also
should be easy to forge.    Just have an accomplice go through
security and immediately exit, then scan the token.

To bypass this attack they would need either unforgeable boarding
passes, an unforgeable stamp or printout at the TSA station, or
return to ID checks at the gate.   ID checks at the gate slow
boarding but are simplest.     This is done at some airports.

While, as noted, this problem is NOT inherent to print-at-home
boarding passes in any way, another solution would be for the
TSA agents to get a scanner which can scan all valid forms of
boarding pass, incuding airline issued and print-at-home.  They
would then read the barcode to see the name on the boarding
pass, not the printed name which is insecure.  The barcode would
of course have to be secure, I have no idea if it is.

And one last note.   There is a reason to keep non-pax out of
the gate area, sadly.   There are lines for security, and the
more people that go through security, the slower it goes.  It's
nice to meet people at the gate, but I don't want to miss my
flight because I was in line behind 20 people going to meet
people at the gate.   In the old days security was faster and
we had the spare capacity for this.


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/