Customized Boarding Passes Can Hack Computers
Yang Yu and his team created their own series of boarding passes and programmed different commands into each that would be read by the scanner.
A boarding pass can hold all sorts of information useful to an identity thief, such as a victim's frequent flyer number. Now, it turns out that simply scanning the boarding pass itself could potentially be used to hack computers, too.
Yang Yu, founder and head of Tencent's Xuanwu Lab, a project with a focus on cybersecurity research, tweeted several videos of what he has dubbed "BadBarcode," a series of what he describes as vulnerabilities in the way that barcode scanners work. Yu will be presenting "BadBarcode: How to hack a starship with a piece of paper" at PacSec 2015, a security conference held in Tokyo.
Yu and his team created their own series of "boarding passes"—just barcodes, essentially—and programmed different commands into each that would be read by the scanner.
"The scanner in that demo is widely used in airports, so we made a fake boarding pass to do that demo," Yu told Motherboard in a Twitter direct message. "BadBarcode is not a vulnerability of a certain product. It affects the entire barcode scanner-related industries."
One of the videos shows the barcode of a boarding pass being scanned, and then a shell—where a user could enter commands—opening on the adjacent computer.
"General speaking, we can make [a barcode scanner] to 'type' any keys to the host system, not only the 0-9 and a-z," Yu said. He claims this lets someone create a boarding pass to "execute any command on computer."
Yu wouldn't go into the technical details, but said that he may release the documentation later.
At this point, Yu is unsure of any malicious applications. "I do not know what the bad guys might do," he said. "But considering barcode scanners are everywhere in our world, so BadBarcode is really a serious problem, not just a bug people could use to get free beer."