Selfies with Boarding Passes: A Silent Cybersecurity Risk

By on Sep 22, 2016

Who doesn’t look forward to their next vacation or holiday? With a simple plane ticket, you can be off to enjoy relaxing family time or to an exotic location. These are chances to let go of worries, which can naturally lead people to be careless. But that also invites danger, as far as cybersecurity is concerned. Take the case of the classic boarding pass photo. It’s possible these celebratory snaps may leak your personal data online.

Travel expert Steve Hui ran an experiment to demonstrate just how these photos could spill private information. First, he found a photo of a stranger’s boarding pass. Using key details from it – namely passenger name and e-ticket number – he logged into their Delta airlines account. Simply put, data that every traveler should want private was exposed. Hui could see a person’s full itinerary, frequent flyer information, and payment details.

Now, to pull off this trick, a trickster has to have a boarding pass. How would they find a photo of one? With oversharing quite common in the social media world, photos are often available online. People voluntarily share these photos in their excitement for a trip. For example, a whopping 70,000 photos tagged #boardingpass are currently circulating on Instagram. How’s that for a hacker opportunity?

With social media so prevalent today, some people have wised up. Not everyone will be shocked by the dangers of sharing personal information. In fact, plenty of security-conscious people cleverly use their thumb to cover key details in photos where documents are displayed. Unfortunately, such minimal actions don’t reduce the risk by much. Any boarding pass’ barcode can easily be scanned and evaluated with free tools. If a cybercriminal is willing to hunt down photos in the first place, minor obstructions aren’t likely to stop them, when the barcode only takes a few clicks to scan.

So what would crooks do, armed with this information? The good news is this threat isn’t as worrisome as many other prevalent cybersecurity issues. Sure, somebody could change your seat or cancel your ticket. But that’s not likely. After all, cybercriminals are mainly motivated by financial profit. For those purposes, while perpetrators could learn your credit card’s last four digits from your airline account, that’s not exactly having all the numbers required to make a purchase.

Such abilities are still unnerving though. This hack highlights how easy it is for strangers to gain private information, if we’re careless with our photos. Everyone should take care online to prevent exposing sensitive, personal details to the public—even when expressing excitement for a big getaway.

Here are a couple tips to keep in mind, to safely take your next selfie:

  • Keep identifiers out of the picture. Cybercriminals can exploit names, barcodes, and details that are unique to you. Avoid posting photos online displaying data that can identify you—it could mean a serious online security faux pas.
  • Be private with your social media. Make sure your photos are only seen by the right people. That consist of two tasks. First, it’s important to set the privacy settings on your account. Some platforms, such as Facebook, even allow you to control settings on each post. Also, as a general rule of thumb, be sure to only accept friend requests from people you know.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee on Twitter, and ‘Like’ us on Facebook.

gary

About the Author

Gary Davis

Gary Davis was previously McAfee's Consumer Security Evangelist providing security education and advice to businesses and consumers. He is a sought-after speaker on trends in digital security, appearing at conferences and events, as well as security and consumer lifestyle broadcast outlets and publications such as ABC, NBC, FOX, the Wall Street Journal, USA Today, Money ...

Read more posts from Gary Davis

Subscribe to McAfee Securing Tomorrow Blogs