Passbook hacked. Are air fares expensive for you? For a Cretan student at the University of Crete it does not seem to be. With the iPhone and with a simple hack it can trick every modern airport to get free a first place please, on a flight of its choice.
Anthony Hariton, is an 18-year-old computer science student at the University of Crete and claims to have discovered a security gap in the Passbook iOS app that allows him to have free plane tickets across Europe.
The student prepares the “Exploiting Passbook to Fly for Free” which he will present at a hacking συνέδριο τον επόμενο μήνα. Η presentation της ευπάθειας θα δείξει θεωρητικά πώς μπορεί κάποιος να δημιουργήσει ψεύτικες κάρτες επιβίβασης, χρησιμοποιώντας έναν computer and an iPhone. With the fake boarding pass, he can pass all airport security checks and finally "park" in the first seat of the flight of his choice.
The application passbook iOS allows you to scan items such as movie tickets, gift cards, boarding passes, and store them in one place neatly. Once the app has saved the boarding pass, the only thing the traveler has to do is to present the present on his mobile phone without having to print it.
This is exactly what Hariton used to use the Passbook application to build promiscuous boarding passes.
The vulnerability will be presented in HITB SecConf 2014