When reading the barcode printed on the boarding pass of the airplane, there was surprisingly much information such as personal information written

In recent years, many people use "ticketless" service that allows you to board a smartphone attached to a smartphone or wrist and board an airplane, but even now you still have a boarding pass (boarding pass) printed on a landscape thick paper There should be some people receiving it. Although it is a boarding pass that casually picks up and throws away a poi after a flight, in fact it seems to be necessary to note that the barcode being described contains a lot of information.

What's in a Boarding Pass Barcode? A Lot - Krebs on Security
http://krebsonsecurity.com/2015/10/whats-in-a-boarding-pass-barcode-a-lot/

Many people who have taken an airplane are likely to have received such a horizontally long boarding pass. In the past, thick durable paper was used, but in recent years there are more simple things with thermal paper. A barcode surrounded by a red frame is always stated in such a boarding pass.


This bar code is "PDF417It is based on a standard called "type ofTwo-dimensional codeIt is one of.

What is PDF417 | Basics of 2D code | Site where bar code standards and reading know-how can be learned "Bar Code Course" | Keyence


A former Washington Post reporter who is currently a security-related blogger, Brian Krebs'Krebs on Security"Received information from a reader" Cory ". Mr. Cory's friend uploaded a boarding pass photo to SNS during the trip, but the barcode was clearly shown there and it was in a state that it could be read completely. Mr. Cory who cared about saved the image of the boarding pass as a test on his PC, trimmed it, uploaded it to the online barcode reading site with only the barcode in the test.

ClearImage Barcode Recognition - Read Code 39 code 128 code 39 code 128 1D barcodes and 2D PDF417 DataMatrix symbologies from PDF TIFF JPG image from scanner, fax or camera


Then it was found that the contents of the barcode was decoded in just a few seconds, and it contained many information including not only the passenger's name, flight number, boarding area, destination, etc. "MATTHEWA man with a first name (MR) Reservation number (Record Key· Currently "Record Locator") is displayed, Nigeria'sNam Namdi Ajikiwe International Airport(ABV) From GermanyFrankfurt Airport(FRAFlight to Lufthansa Airlines (LH)of0595I can see that I was on a flight. In addition, at the end of the information, the member ID of the Star Alliance Frequent Flyer Program (FFP)Frequent Flyer ID) Is also included.


In particular, the reservation number and the member ID of the PPF will be valuable "information sources". When Cory visited Lufthansa's site based on this number and Mr. Matthew's name, he seems to be able to access not only the information of the corresponding flight but also the account information itself. Perhaps it seems that you were able to log in to your account, but from there you can also see the unfleeting flight reservation information registered in the Star Alliance account.

In addition the situation goes in a serious direction. Mr. Cory was able to know the name of the person making the appointment (= other person), it was also possible to change the seat of the reserved flight, and even to cancel the reservation itself That's right.

It seems that there was a background that it was able to log in to the account easily easily, SNS relatively easy to obtain personal information. If you forget your password, you may click on "Forgot your password?" And answer "secret question", but if there is a question "What is your mother's maiden name?" Is dangerous. Sometimes Mr. Matthew's case was exactly the case, as her mother's maiden name was known only by listing the name of his relatives connected from her face account and from her Facebook account.

Even if you decode the barcode stated in your boarding pass in the same way, because the information contained in it depends on the ticket reservation situation etc., so that not all information will be displayed in the same way is. As a result I scanned the ticket at hand, but the information I got was limited.

The display method of the boarding pass barcode is stipulated in the standard. The following blogs describe the contents in detail.

What's contained in a boarding pass barcode? | Shaun ewing
https://shaun.net/posts/whats-contained-in-a-boarding-pass-barcode

Also,IATAThe guidelines set by the International Air Transport Association (International Air Transport Association) contain further detailed operation methods and the like.

(PDF file) IATA Bar Coded Boarding Pass - bcbp_implementation_guidev4_jun2009.pdf
http://www.iata.org/whatwedo/stb/documents/bcbp_implementation_guidev4_jun2009.pdf

In addition, the type of information seems to be different for the QR code used in the e-ticket which is increasing in recent years, so it does not seem that the detailed information will be readable even by reading with a smartphone or the like. Nonetheless, it is indispensable to abandon documents containing these barcodes, which do not contain any information, to put them in a state that they can not be restored by shredding or shredding by hand .