Airport selfies and social media 'humble brags' are exposing travellers to online crime, say cyber experts. Photo / Getty Images, iStock
Airport selfies and social media 'humble brags' are exposing travellers to online crime, say cyber experts. Photo / Getty Images, iStock
Travellers have been warned against sharing photos of their boarding passes online, as that ‘airport selfie’ could be spreading more than jealousy online.
The practice of sharing plane tickets to social media, beyond being painfully smug, has been identified as a growing source of cyber crime.
A quick search of social media sites like Instagram for the hashtag #boardingpass brings up hundreds of thousands of plane tickets.
Cyber security experts have compared this to broadcasting your personal information for the world to see.
It doesn’t matter if you’re sharing selfies at the airport or a ‘humble brag’ plane ticket folded into a passport cover - a small glimpse of your travel document could be enough for hackers to see it all.
“Even if only the barcode of your flight ticket is visible in the picture, hackers can scan it and find out such information as a traveller’s full name, reservation number, passenger name record, and sometimes even contact information,” says Adrianus Warmenhoven, a cybersecurity expert at NordVPN.
Hackers have found it as a rich seam for stealing information which can be used to obtain banking information, find out when travellers aren’t at home or committing identity fraud.
Malicious hackers could use them to change your flights and cancel your travel, just “for the lols” - as travel blogger, Ben Schalappig, discovered. In 2011 the One Mile at a Time writer was stranded in Kuala Lumpur after sharing a smug airport selfie with his travel plans “live” en route from Melbourne.
Yes, that one friend who seems to always be travelling could be setting themselves up for a fall.
Social media #boardingpass pictures are a rich source of data for hackers and cyber criminals. Photo / Screenshot, Instagram
What information can be hacked from a boarding pass?
Airlines and the international travel industry relies on connectivity to function.
But with great connectivity comes vulnerability - and lot of information being shared in unexpected places.
In 2019 Noam Rotem, a cyber security worker for the Safety Detective Lab, was shocked to see how much of his information was flying around for anyone to access.
Tracking a booking for upcoming travel, he discovered large amounts of his information was being shared unencrypted, attached to his Passenger Reference Number.
This reference number, which is used as an IATA standard between airlines, was attached to information about seat reservations, email addresses, phone numbers, frequent flyer points, and could even be used by anyone to change or cancel flights.
Worse still, Rotem discovered a way that he could access random passengers’ PRNs through the website of Israeli carrier ELAL. It gave him access to the bookings of over 140 airlines, he claimed.
Fortunately the Safety Detective Lab alerted the IT provider Amadeus, who fixed the issue.
However, in the wrong hands it could have been used to cause travel chaos.
He didn’t even need to see passengers’ boarding passes to get them. Although, as he wrote, there are many places people unwittingly share this information.
“[Airlines] send these codes via unencrypted email, and many people even share them on Facebook or Instagram. But that’s just the tip of the iceberg,” he wrote to the company’s blog.
Travel hackers and the biggest cyber security risks
A recent press release by Nord VPN has found that international travel has increasingly become a hotspot for would-be hackers.
From social media posts to shared airport wi-fi, using your devices abroad is full of unexpected cyber threats.
Last year the FBI and New Zealand’s Cert agency warned travellers against phones at public USB docks, at airports and hotels. The public charging ports have been used to access travellers’ information and spread malicious software.
While it’s tempting to try and dodge data roaming charges on holiday by logging into public wi-fi at airports and cafes, this is another highly risky move.
Nord - a company which offers software to reduce the risk of accessing public wi-fi networks - says that you should never log into a ‘random wi-fi network’.
“Hackers may position themselves as a wi-fi hotspot or use special software to steal data from unprotected networks. One of the best ways to safely use public wi-fi is by installing a VPN.”
