Why Sharing Boarding Pass Pictures on Social Media Is a Privacy Risk, Warns Expert

 

Individuals flying for the first time are aware that an airline boarding pass includes certain details about a traveler, such as their name, flight number, and seat assignment. However, what might not be common knowledge is that these tickets, whether in paper form or electronic, harbor more personal information than readily apparent.

In particular, the barcode on a boarding pass has the capacity to reveal information like a frequent flier number, contact details, or other identifying particulars. According to privacy researcher Bill Fitzgerald, the specifics contained within the barcode can vary from one airline to another. Nevertheless, a prudent approach is to always assume that the scannable code contains personal information about the traveler and their itinerary.

Moreover, travelers should also consider that these barcodes may encompass driver's license and passport details, as these are typically provided to the airline during check-in or at the airport. Consequently, it is crucial to handle paper boarding passes with care, refraining from casually discarding them into the trash. As Fitzgerald emphasizes, posting them on social media is an absolute no-go.

While these precautions may seem like standard data protection advice, even the most experienced travelers have made mistakes when safeguarding their boarding passes. A prime example is former Australian Prime Minister Tony Abbott, who inadvertently exposed his personal information by sharing an Instagram photo of his Qantas flight boarding pass in March 2020. Although the hacker who gained access to Abbott's details did not misuse the information, the potential for malicious intent is a looming concern.

Most attackers could utilize this data, which may seem insignificant on its own, to initiate further online attacks against the traveler's digital accounts and identity. Mark Scrano, an information security manager at cybersecurity firm Cobalt, warns that many airlines rely solely on the data from the boarding pass, particularly the confirmation code and last name, to grant full access to the traveler's online account. This vulnerability could be exploited to access personal data stored by the airline.

These seemingly inconsequential details, when used strategically, could lead to significant troubles for travelers, including identity theft. Fitzgerald advises against sharing barcodes in any way to protect against this risk. Although paper boarding passes are becoming less common, they are still required in certain situations beyond the passenger's control, such as last-minute seat changes at the gate.

According to Fitzgerald, shredding a boarding pass is one of the safest methods for disposal.

While mobile boarding passes might appear to be a convenient solution for safeguarding personal data, Fitzgerald cautions that using electronic tickets within airline apps or loyalty apps is not as straightforward as it seems. He points out that these apps often pose privacy concerns and frequently incorporate various forms of tracking, including first-party and third-party tracking. Additionally, some apps may disclose the user's location in near-real-time, further complicating the choice between paper and electronic boarding passes.

For travelers who prefer using their smartphones instead of paper tickets, Fitzgerald recommends taking a screenshot of the QR code on the mobile boarding pass and saving it to their photos, eliminating the need for an additional app to access it.

In summary, it is advisable to treat any version of your airline ticket as you would a sensitive personal document, even if it appears that information such as flight numbers or barcodes holds little significance. As Fitzgerald notes, while the consequences of such information falling into the wrong hands may not be catastrophic, travelers should not make it easier for potential threats to exploit their data.

Experts Alert Travelers Against Sharing Photos of Boarding Passes Online


After putting in hours of work each day, every week, for months, checking in at the airport can be an exciting moment for travelers who have long awaited some much-needed rest and recreation.

One may also want to capture this moment and share a sneak peek of the journey with friends, starting with a quick picture of the boarding pass posted to social media. However, cyber experts advise vacationers against this, since doing so could put their privacy at risk or even lead to their information falling into the wrong hands.

While modern boarding passes do not contain any outright personal details and only contain information like the person’s name, flight number and seat number, certain codes could be used by a hacker to further get hold of a victim’s information.

Josh Amishav, Founder and CEO of data breach monitoring company Breachsense, explained, "Your frequent flyer number, name, and passenger name record are valuable for identity theft, enabling fraud like opening credit card accounts or making unauthorised purchases."

"Hackers can employ social engineering techniques, pretending to be airline representatives to trick you into revealing more personal data. They can also create targeted phishing attempts using your boarding pass info, leading to clicking on malicious links or sharing sensitive data," he says.

The threat does not end there, since posting a photo is not the only way an unauthorized party can use a boarding pass to access a flyer’s information. Another is the illicit use of the contents of a lost or stolen boarding pass.

Thus, there are several precautions one should keep in mind to avoid falling prey to such cyber incidents. Some of those measures are listed here:

  • Always keep the boarding pass safely with you; never leave it in the pocket of the airplane seat or toss it in a hotel trash can without first shredding it.
  • Properly dispose of printed boarding passes once they are no longer needed, to prevent the information on them from falling into the wrong hands.
  • When posting a picture of a boarding pass, or any other document from a trip, on social media, edit the picture so that it does not display any important detail.

Travel HACK: Why you Should not Share Photos of Your Boarding Pass Online

You are done packing your bags, you have put on your airport look, and now you are all set to board the flight to your dream vacation. You might also want to post a picture of the trip, or share a picture of your boarding pass. But wait, doing this recklessly may cost you your privacy.

While boarding passes do not include outright personal information like an address or a phone number, they do carry certain codes that a criminal could use to find information about you.

The documents may appear to be nothing more than travel keepsakes outside of their primary use at the airport, but they are much more informative than many travellers realise. According to Amir Tarighat, CEO of cybersecurity company Agency, "people often think, like, 'Just this information isn't enough to compromise (me)' but that's not how the attackers view that information." Boarding passes carry information like the flyer’s legal name, ticket number, and passenger name record (PNR), a six-digit alphanumeric code specific to the reservation.

Meanwhile, Amir Sachs, founder and CEO of cybersecurity and IT company Blue Light IT, said, “Using the PNR and your last name, a hacker can have full access to your booking information, which will give them access to your phone number, email address, and emergency contact information.” Getting hold of an individual’s PNR also leads to a passenger’s frequent flier number, Known Traveller Number (associated with Global Entry and TSA Pre-Check), and redress number (associated with the Department of Homeland Security’s TRIP program).

With all the aforementioned information, one can easily change a passenger’s booking. In fact, all that is needed to change or cancel flights online is the passenger's name and PNR; a password is not required. Additionally, someone may steal a passenger's hard-earned frequent flier miles if they gain access to the frequent flier account, which does require a password. Moreover, much worse issues await if a hacker gets hold of a victim’s details through their boarding pass.

Josh Amishav, founder and CEO of data breach monitoring company Breachsense explains, “Your frequent flier number, name, and PNR are valuable for identity theft, enabling fraud like opening credit card accounts or making unauthorised purchases[…]Hackers can employ social engineering techniques, pretending to be airline representatives to trick you into revealing more personal data. They can also create targeted phishing attempts using your boarding pass info, leading to clicking on malicious links or sharing sensitive data.”

Since these risks do not stop at posting your boarding pass online, you may also want to skip the printed boarding pass entirely to reduce the risk of data being compromised from a discarded or lost slip. A researcher and senior technical director for cyber safety brand Norton explains, “Consider using a mobile boarding pass to ensure no physical copies will be left behind in your plane seat pocket, boarding area, or somewhere else where scammers can easily grab it.” Keep in mind that travel apps can be hacked too, so a digital boarding pass is not entirely safe either.

Even though one may be lucky enough to avoid any such issue, posting a photo of your boarding pass online is not worth the risk. Being mindful and taking precautionary measures could save you from trouble. If you are adamant about posting a picture of your boarding pass online, you can use photo-editing software to hide that information, or you can stage your photo so that none of the identifying details, including the barcode, are visible.

“Hackers can use barcode scanners to steal information from boarding passes shared online or left behind in airplanes and airports[…]Depending on the airline, a barcode scanner can unveil a flier’s airline account number, associated email and phone number, and your flight’s confirmation code — information that could all be used to make a phishing attack look more realistic,” explains Roundy.

It is also advisable to post your travel photos on a delay, once you are back from your travels. As Sachs says, “Keep your info safe and save the travel bragging for when you’re safely back home!”

Onfido Acquires Airside to Strengthen Digital ID Verification


Tech company Onfido is moving a step closer to developing the digital passport of the future through its acquisition of Airside Mobile, a US-based digital identity solutions provider primarily aimed at the travel industry.

Over 10 million travelers have used Airside's shareable digital identification technology, which is regarded as reliable by many U.S. government organizations, including the Transportation Security Administration (TSA). The major airlines in the world are among its clients, permitting travelers to use apps like Airside Digital Identity to breeze through US airports, since the app provides users with official documents like government-issued ID and health records.

According to Onfido, which already provides ID verification to a variety of industries, the acquisition “will enable businesses to create a seamless user experience that supports more effective onboarding and expanded customer relationships, while radically reducing fraud and minimizing the liability associated with handling sensitive data.”

This partnership may have wide-ranging effects on the financial services sector because it will enable financial institutions to confirm a customer's ID without requiring them to scan and submit papers each time they sign up. KYC screening has grown to be a significant compliance burden for banks and other financial service providers since Russia's invasion of Ukraine triggered a series of international sanctions. Other uses include e-commerce and internet platforms in addition to travel and finances.

Onfido Will Apply Airside’s ‘proven approach’ in Travel.

“Until now identity verification has digitised physical processes, but those processes haven’t changed[…]We’re still handing our identity over to be checked every time we access a new service. This partnership will change that, giving users control and organisations greater confidence in who their customers are. We plan to take Airside’s proven approach to the airline industry and apply it to other sectors requiring high customer assurance, such as financial services – providing a single, trusted view of each customer’s identity,” says Mike Tuchen, CEO of Onfido.

Meanwhile, Adam Tsao, Founder at Airside says, “By teaming up with Onfido and layering in their trusted verification technology with Airside’s Digital ID, we can take identity to the next level with the same ease and trust we have with online payments.” Apparently, Tsao is meant to stay with the company and supervise the product from within Onfido.

With the acquisition of Airside by Onfido, the company may move a step closer to digital IDs, which would be used anywhere once verified. Consumers will be able to utilize a single, integrated digital ID to authenticate their identity wherever they need to. Similar to how credit cards and mobile payments have lessened our daily reliance on cash, it may render traditional ID cards obsolete. 

Consider entering a local bar and presenting your digital ID, which is kept in your digital wallet and also grants you access to internet services, as identification. Additionally, there would be no need to continuously scan or upload documents because your digital ID would be available for use at several points of service and would remain in your wallet.