Another Word For It Patrick Durusau on Topic Maps and Semantic Diversity

July 26, 2017

Fancy Airline Lounges W/O Fancy Airline Ticket

Filed under: Cybersecurity,QR Codes,Security — Patrick Durusau @ 2:26 pm

Andy Greenberg posted a hot travel tip last August (2016) in Fake Boarding Pass App Gets Hacker Into Fancy Airline Lounges:

As the head of Poland’s Computer Emergency Response Team, Przemek Jaroszewski flies 50 to 80 times a year, and so has become something of a connoisseur of airlines’ premium status lounges. (He’s a particular fan of the Turkish Airlines lounge in Istanbul, complete with a cinema, putting green, Turkish bakery and free massages.) So when his gold status was mistakenly rejected last year by an automated boarding pass reader at a lounge in his home airport in Warsaw, he applied his hacker skills to make sure he’d never be locked out of an airline lounge again.

The result, which Jaroszewski plans to present Sunday at the Defcon security conference in Las Vegas, is a simple program that he’s now used dozens of times to enter airline lounges all over Europe. It’s an Android app that generates fake QR codes to spoof a boarding pass on his phone’s screen for any name, flight number, destination and class. And based on his experiments with the spoofed QR codes, almost none of the airline lounges he’s tested actually check those details against the airline’s ticketing database—only that the flight number included in the QR code exists. And that security flaw, he says, allows him or anyone else capable of generating a simple QR code to both access exclusive airport lounges and buy things at duty free shops that require proof of international travel, all without even buying a ticket.

See Greenberg’s post for details on prior work with boarding passes.

Caveat: This has not been tested outside of Europe.

Airlines could challenge your right to use a lounge, based on your appearance, but an incident or two with legitimate customers being booted, should cure them of that pettiness.

Greenberg posted this in August of 2016 and I haven’t seen any updates.

You?

Happy travels!

May 1, 2012

Shadow-Activated QR Code Actually Useful and Cool

Filed under: Museums,QR Codes — Patrick Durusau @ 4:46 pm

Shadow-Activated QR Code Actually Useful and Cool Retailer’s sign scannable only at lunch by David Griner.

From the post:

For all the talk of mobile-marketing tech, there remains a pretty wide gap between the potential and the practicality of QR codes. That’s why it’s nice to see this case study from Korea, where a retailer increased lunchtime sales by 25 percent with a shadow-based QR code that’s only scannable in the middle of the day. Emart’s “Sunny Sale” codes are created with three-dimensional displays outside several dozen locations in Seoul. When the sun is at its zenith, the shadows line up, allowing the code to be scanned for access to coupons and online ordering. It’s a smart idea that, in the short term at least, has generated plenty of strong PR and sales. While the wow factor is sure to fade quickly, it’s still a great example of a marketer finding a way to turn QR codes into something actually worth scanning.

From Seoul. No surprise there. Heavy investment in education and technology infrastructure. Some soon-to-be-former technology leaders did the same thing but then lost their way.

If you think of QR codes as a cheap equivalent to a secure RFID tag, you have to “see” it to scan it, it should be more popular than it is. Physical security being the first principle of network security (to “see” the QR code).

Museums could use QR codes (linking into topic maps) to provide information in multiple languages. With sponsors for coupons to local eateries. No expensive tags, networks, sensors, etc.

Powered by WordPress