© Alexander Hassenstein/Getty Images
Mike Pomranz
June 22, 2017

Once you’ve entered the privileged world of the “airport lounge traveler” – sucking down free booze while waiting for your flight in accommodations designed to help you forget that air travel is nothing more than human cattle-herding 40,000 feet above the ground – it can be hard to go back. For frequent flyer Przemek Jaroszewski, he was so upset when his gold status was rejected for entrance to an airline lounge, the man who earns a living as head of Poland’s Computer Emergency Response Team took matters into his own hands – creating an Android app that instantaneously creates a fake QR code boarding pass that he says has gotten him into airport lounges throughout Europe with little trouble.

“Literally, it takes 10 seconds to create a boarding pass,” Jaroszewski told Wired. “And it doesn’t even have to look legit because you’re not in contact with any humans.”

But though on the surface, the software may sound a bit of mischievous Catch Me If You Can fun to score free drinks, Jaroszewski himself realizes that the ability to whip up fake boarding passes, could represent an actual security threat. So yesterday, he was scheduled to present his findings at the Defcon security conference in Las Vegas.


The good news for airlines, as opposed to hackers looking to exploit the entire air travel system, is that though the app generated QR codes probably aren’t good for much more than access to lounges. “A forged BCBP will not entitle the person carrying it with any right to travel, nor will it create any confusion with an airline’s system where the official information is stored,” the International Air Transport Association said according to Wired.

Additionally, Jaroszewski said he doesn’t plan to make his app public. However, he did caution that for someone else to create similar software would be “very easy”: He told Wired that the whole app was only about 500 lines worth of javascript. 

You May Like