13.6 C
London
Tuesday, September 26, 2017
Home Tags Duty-free

Tag: duty-free

At least, that's what one computer security expert did in order to access classier airport lounges in Europe. Tired of watching others waltz into those fancy airport lounges, to pamper themselves in luxury and comfort (and yummy food and drinks) while they wait for their next flights? Wish you had access to these areas? If you get creative with your QR code creation, like computer security expert Przemek Jaroszewski, then you can easily spoof your way into wherever you want. At least, that's what Jaroszewski did when his frequent flier status glitched and he wasn't allowed admittance into one of the fancy airline lounges he knew he could otherwise access. His solution? Build an Android app that generates made-up QR codes, which contains his name (a fake one), as well as all the key details he needs to get into the lounges: upcoming flight numbers, his destinations, and a status for whichever carrier's lounge he's trying to get into. "While traveling through airports, we usually don't give a second thought about why our boarding passes are scanned at various places.

After all, it's all for the sake of passengers' security. Or is it? The fact that boarding pass security is broken has been proven many times by researchers who easily crafted their passes, effectively bypassing not just 'passenger only' screening, but also no-fly lists," reads a description of Jaroszewski's talk at this year's Defcon conference. "Since then, not only security problems have not been solved, but boarding passes have become almost entirely bar-coded.

And they are increasingly often checked by machines rather than humans.

Effectively, we're dealing with simple unencrypted strings of characters containing all the information needed to decide on our eligibility for fast lane access, duty-free shopping, and more…" As Wired reports, Jaroszewski has only tested his QR-based spoofing in European airports.

And, of course, his trick would be easily defeated by any airport lounge that asks to see a passport or other form of identification to verify that he's actually who he is listing with the QR code.

Though he could use his real name to thwart that, he would also have to make sure that the airline lounge doesn't cross-reference his details against a master list of eligibility. In other words, there are plenty of things that can go wrong with his little trick.

And, no, he's not using it to try and board flights under a different name; he surmises that the security checks are too strong to allow him to do that (nor would he want to). He's also not releasing his little QR-creating code to the public. You'll just have to earn your elite status the hard way.
That's a pretty large ring A total of 105 credit card fraud suspects have been arrested in Asia and Europe following a complex months-long investigation across two continents. The investigation targeted a gang led from Malaysia whose tentacles spread into 14 European countries (including the UK and Germany) and specialised in using counterfeit credit cards for purchasing of high value goods. A total of nine arrests took place in Malaysia and 76 across Europe as part of a takedown operation against the group which involved raids against various premises – including two sites where “high quality” counterfeit credit cards were manufactured. During house searches, 3 000 counterfeit payment cards were also seized, alongside fake passports, cameras, jewellery and substantial amounts of cash. Cops reckon the crooks used counterfeit credit card to purchase high value goods, mainly at electronic stores and duty-free shops at airports, causing losses estimated at €5m.
In Europe, the gang bought mainly jewellery and expensive watches. The police operation, which ran from the end of 2015 to the spring of 2016, was supported by Europol's European Cybercrime Centre (EC3).

Cops credit close police cooperation on a global level as well as the direct support of American Express with achieving a successful conclusion to the complex investigation. ® Sponsored: 2016 Cyberthreat defense report