The codes in your Boarding Pass

The next time you’re thinking of throwing away a used boarding pass with a barcode on it, consider tossing the boarding pass into a document shredder instead. Two-dimensional barcodes and QR codes can hold a great deal of information, and the codes printed on airline boarding passes may allow someone to discover more about you, your future travel plans, and your frequent flyer account.

Earlier this year, I heard from a longtime KrebsOnSecurity reader named Cory who said he began to get curious about the data stored inside a boarding pass barcode after a friend put a picture of his boarding pass up on Facebook. Cory took a screen shot of the boarding pass, enlarged it, and quickly found a site online that could read the data.

1

An older Delta boarding pass with a bar code that does not include a frequent flyer number. Source: IATA.

“I found a website that could decode the data and instantly had lots of info about his trip,” Cory said, showing this author step-by-step exactly how he was able to find this information. ‘

“Besides his name, frequent flyer number and other [personally identifiable information], I was able to get his record locator (a.k.a. “record key” for the Lufthansa flight he was taking that day,” Cory said. “I then proceeded to Lufthansa’s website and using his last name (which was encoded in the barcode) and the record locator was able to get access to his entire account. Not only could I see this one flight, but I could see ANY future flights that were booked to his frequent flyer number from the Star Alliance.”

The access granted by Lufthansa’s site also included his friend’s phone number, and the name of the person who booked the flight. More worrisome, Cory now had the ability to view all future flights tied to that frequent flyer account, change seats for the ticketed passengers, and even cancel any future flights.

The information contained in the boarding pass could make it easier for an attacker to reset the PIN number used to secure his friend’s Star Alliance frequent flyer account. For example, that information gets you past the early process of resetting a Star Alliance account PIN at United Airline’s “forgot PIN” Web site.

After that, the site asks for the answer to a pre-selected secret question. The question in the case of Corey’s friend was “What is your Mother’s maiden name?” That information can often be gleaned by merely perusing someone’s social networking pages (e.g., does your aunt or uncle on your mom’s side have your mother’s maiden name as their last name? If so, are they friends with you on Facebook?)

2

The readout from the barcode on Cory’s friend’s boarding pass (redacted).

United Airlines seems to treat its customers’ frequent flyer numbers as secret access codes. For example, if you’re looking for your United Mileage Plus number, and you don’t have the original document or member card they mailed to you, good luck finding this information in your email correspondence with the company. When United does include this code in correspondence, all but the last three characters are replaced with asterisks. The same is true with United’s boarding passes. However, the full Mileage Plus number is available if you take the time to decode the barcode on a boarding pass.

Interested in learning what’s in your boarding pass barcode? Take a picture of the barcode with your phone, and upload it to this siteThis blog on the same topic from several years back includes some helpful hints on how to decode the various information fields that get dumped by the barcode reader.

Finally, the standards for the boarding pass barcodes are widely available and have been for years. Check out this document (PDF) from the International Air Transport Association (IATA) for more on how the barcode standards work and have been implemented in various forms.

Improvement in Airlines’ Operational Performance

A significant part of the objectives of the International Air Transport Association (IATA) is to aid its member airlines. IATA helps airlines improve various facets of their operations including safety (through the IATA audit programs – IOSA and ISAGO), flight and ground operations. While the airline share prices have taken a serious hit, recent IATA statistics indicate that their operational performance is steadily improving.

Some key findings:

  • Air travel rose 5.6%% in September, contributing to a strong third quarter and high load factors (percentage of seats occupied). Airlines’ operating profit for the third quarter (based on 25 sample airlines, including 10 North American carriers) rose 3.6% from a year ago to $7.68 billion. That follows a 60% year-on-year decline in the second quarter. Still, airline share prices have fallen about 30% this year as analysts lower their expectations for airline profits, IATA says, citing Bloomberg Airlines Index.
  • Jet fuel prices climbed back to $128 a barrel in late October, 35% higher
    than last year. The fuel cost increase would have added 10% to airline operating costs, but their hedging tactics lowered the impact by about half.
  • The industry worldwide received 98 new jets and turboprops in September, but airlines continue to eliminate older, fuel-inefficient planes. As a result, the pace of seat addition slowed in September to an annualized rate of 4% to 5%.

Fuel Prices: Dictatorship in aviation

In my opinion, the soaring of fuel prices has just caused a lot of imbalance within the aviation industry. Never before have fuel prices dictated to such an extent that profits would be cut and there wouldn’t be much that could be done to prevent it.

The following courtesy BBC News:

Iata said it expected airline industry profits to be just $4bn (£2.4bn) in 2011 as rising fuel prices continue to dent profits of carriers.

In 2010, the industry made a profit of $18bn. In March, Iata had predicted profits of $8.6bn this year.

Iata said high fuel costs were having a “big impact on our profitability”.

“Last year the bill was $136bn, this year with the price of oil average $110 [the bill] will be $176bn, over $30bn [more] and that is one of the major concerns,” Giovanni Bisignani, the head of Iata, told the BBC.

‘Big problem’

Last year, the airline industry recovered faster than expected from the global recession.

“After a good year, this year started in a terrible way,” Mr Bisignani said.

Mr Bisignani blamed unrest in the Middle East, an increase in the price of fuel and the nuclear disaster in Japan for the industry’s bleak outlook.

Iata used an average oil price of $96 for a barrel for Brent crude when calculating its profit forecast in March.

Since then, oil prices have passed $110 a barrel.

According to Mr Bisignani, a $1-a-barrel increase means a jump of $1.6bn in costs.

“That is a big, big problem for us,” he said.

Click to play

Iata’s boss Giovanni Bisignani assesses the problems faced by the airline industry

Mr Bisignani warned that any further spike in fuel prices would be tough for the sector.

“That $4bn is with the price of fuel at $110, we see already these days that the price is higher than this.” he added.

Fuel costs will represent 30% of airline expenses in 2011, according to Iata.

Asian growth

Airlines in Asia-Pacific are expected to remain the most profitable in the sector.

According to Iata, carriers in the region are forecast to earn $2.1bn in 2011, the highest out of all the regions.

However, the figure is still sharply lower than the $10bn profit that the region’s carriers made last year.

Robust demand for air travel in both China and India is likely to support Asian profits this year.

According to Iata, demand for air travel in the region is expected to increase by 6.4% in 2011.

But it warned that lower demand for air travel from Japan may have a big effect on growth.

The 11 March earthquake and tsunami in Japan that triggered a crisis at the Fukushima nuclear power plant hit the travel and tourism sectors hard.

The disaster saw a drop of 31% in demand for domestic travel in Japan in April, compared with the previous year, according to Iata.

Internationally, Japan saw air traffic fall by 20% in April, which has knocked 1% off global international travel.

“Japan represents 10% of the total industry revenues – that will impact strongly,” said Mr Bisignani.

iFLEX – From Fixed to Flex Routes

Most of the next generation Air Traffic Management (ATM) initiatives like Next Gen and SESAR are set to minimize delays and increase capacity both on the ground and in the airspace. One cornerstone of these projects is trajectory optimization. The gate-to-gate optimization concept where a flight is transported from end to end using state-of-the-art technology and much more direct routes.

The problem with this ideology is that a very large constraint already exists within the airspace. The presence of airways and waypoints not only limits opportunity for optimization, but also results in airspace saturation. Most of the airways are created specifically for a particular city-pair due to high demands, but 10 years later the airlines don’t fly that route anymore and the airways remain. Many such airways and waypoints exist in today’s aeronautical infrastructure that are rarely or never used.

This brings an interesting discussion forward. If there were no airways, would there be better scope for optimization. Yes. But it would be at a higher risk level. Hence, in low density airspace, where there are very few aircrafts flying per day, such a concept can be utilized to its potential. The International Air Transport Association (IATA) has launched an initiative called iFLEX, which will enable aircraft to fly a more flexible trajectory from origin to destination. The optimization process begins at the Flight Planning phase, where the dispatcher identifies the optimum combination of airways, waypoints, significant points, VORs, etc taking advantage of the upper winds. Modern flight planning systems are very sophisticated and can calculate the time, fuel consumption, CO2 burn, payload impacts, overflight charges for a particular route on a particular day. No re-optimization is envisioned enroute and the ATC separation standards will remains the same.

Being a part of the iFLEX team at IATA, I must say this is a very compelling concept that could change the very nature of air transportation. Together with support from ICAO, Delta Airlines and Emirates Airlines, the agenda for 2011 includes conducting 3 workshops, demo flights and publication of the guidance material to implement flexible routings.

More information on iFLEX can be found here.