Sep 18, 2020 16:07:00

A record of extracting personal information from a photo of an airplane boarding pass, in the case of the former Prime Minister of Australia

Abbott's passport number and phone number can be determined from the 'picture of the boarding pass of the plane' posted on Instagram by former Australian Prime Minister

Tony Abbott , and the method has been released online.

When you browse Instagram and find former Australian Prime Minister Tony Abbott's passport number
https://mango.pdf.zone/finding-former-australian-prime-minister-tony-abbotts-passport-number-on-instagram

Former Australian PM Tony Abbott's passport details and phone number obtained by hacker | Tony Abbott | The Guardian
https://www.theguardian.com/australia-news/2020/sep/16/former-australian-pm-tony-abbotts-passport-details-and-phone-number-obtained-by-hacker

Tony Abbott hacked: Former PM's massive boarding pass mistake
https://www.news.com.au/travel/travel-updates/health-safety/tony-abbotts-massive-boarding-pass-mistake/news-story/5eff8faffe0f925fe9ccb73b56c59bd5

One day, Alex, who works as a hacker, received a message from a friend, 'Can you hack this guy?' The message was accompanied by a photo of the boarding pass posted on Instagram by former Australian Prime Minister Tony Abbott.

The following is Abbott's Instagram post that became a problem. The image mosaic processing was done by Alex and was not at the time of posting. The post has been deleted at the time of article creation.

Alex wasn't told this story because 'Alex is doing illegal hacking activities on a regular basis,' but a few days earlier, he said, 'Using a boarding pass posted on Instagram.' And hacking is being done 'because it became a topic. In Instagram, the tag '#boardingpass' is used, and it is said that the damage that the passport number is illegally obtained from the post with this tag is occurring.

Not knowing how to hack with a specific boarding pass, Alex first did a Google search and found a

web page explaining how the hack was done from the boarding pass photos. In this commentary, it was stated that the 'reservation number' and 'last name of the person who made the reservation' would be used for hacking. The booking number and surname are also used by the booker to visit the airline's website and modify the booking. Since I want to read the barcode on the boarding pass to get the reservation number, Alex tried to get a clear barcode by increasing the contrast of the barcode in the photo. did.

However, after struggling with the barcode for tens of minutes, he discovered that the boarding pass item had a description of 'Booking Ref,' which means the reservation number. I got the reservation number safely without reading the barcode.

When you access the airline's website and enter the reservation number and the reservation person's surname 'Abbott' ...

He said he was able to access the following reservation management screen.

On the management screen, the boarding time and mileage number of Mr. Abbott's plane, the name of the travel agency used when making the reservation, etc. were written, but by the time Mr. Alex accessed, the plane had already finished the flight. So I couldn't change anything here. So, for more information, Alex right-clicked to access 'Investigation of Elements.'

'Element investigation' is a function to display the HTML used in the website, and is used when the programmer wants to understand how the website works. When Mr. Alex searches for 'passport' with Ctrl + F, he finds a place where Mr. Abbott's passport number etc. are written. However, even if I searched for words such as 'phone' and 'number', I could not retrieve personal information such as phone numbers.

However, if you take a closer look, some HTML contains code that doesn't make sense.

RQST QF HK1 HNDSYD / 03EN | FQTV QF HK1 | CTCM QF HK1 614 [phone number] | CKIN QF HN1 DO NOT SEAT ROW [row number] PLS SEAT LAST ROW OF [row letter] WINDOW

There is also a mysterious sentence that says 'Hitomi wanted Abbott to FAST TRACK.'

HITOMI CALLED RQSTING FASTTRACK FOR MR. ABBOTT

Alex thought that the above string must be the code used by the airline, and searched Google for the code that the airline uses independently. As a result, the mysterious code turned out to be an abbreviation. An example of the abbreviation is as follows.

RFTV / Reason for Travel
UMNR / Unaccompanied minor (children traveling alone)
PDCO / Carbon Offset
WEAP / Weapon
DEPA / Deportee—accompanied by an escort (accompanied deportee)
ESAN / Passenger with Emotional Support Animal in Cabin (

emotional support companion animals to be is in the room)

And the CTCM contained in the text that Alex discovered was found to be the passenger's phone number, and Alex was able to obtain Abbott's personal phone number.

Alex then spent months contacting Abbott's personal assistant and had the opportunity to interact with Abbott himself. According to Alex, Abbott confirms 'Is my understanding of how Alex got his passport number?' And asks how to learn such 'about IT.' It seems to be. 'He asked the good question,'How much information is included in the boarding pass and what do people like me need to keep safe?' And'Why the boarding pass to passport number?' 'Is it possible to get to know this, but not from a bus ticket?'' Said Alex. Abbott also reportedly said, 'I think this is a picture of what people in my age feel and how.'

Before telling Abbott about the hack, Alex was afraid he might be misunderstood and arrested, but that didn't happen.

In addition, Mr. Alex also informed Qantas of Australia who hacked about the problem that 'personal information of passengers will be known from the boarding pass', and the problem has already been fixed at the time of writing the article. is.