This Hacker Created a QR Code Generator to Sneak Into Fancy Airport Lounges for Free. Who Wouldn’t Want That?

Nowadays, waiting for a delayed flight is not the tedious or even infuriating experience it used to be. At least for some, of course.

Instead of having to roam for hours in a crowded space, travelers can gain access to fancy airport lounges. It’s all about the comfort, you see? In a first class airport lounge you can rest, shower, have a drink or even buy goods at duty-free shops.

So, what happens if there’s an error and your special QR code-based credentials are revoked, thus leaving you out of the heavenly airport lounge? Well, you could just go to the information desk and complain about it… or you could create a dedicated QR code generator to hack your own QR codes… Just kidding, don’t do it.

The thing is that someone did just that. Przemek Jaroszewski, the head of Poland’s Computer Emergency Response Team and a frequent flyer who has a gold status, wasn’t allowed inside Warsaw’s airport lounge due to a technical error. It so happens that the automated boarding pass reader rejected Przemek’s QR code.

This issue inspired Przemek to put his hacker skills to “good” use. He developed an Android-based QR code generator with which he can create QR codes containing fake flight information that the lounge scanners read with no problem whatsoever.

This video uploaded by Przemek himself shows how he bypassed the system in real time. It’s worth watching.

Przemek is not trying to get away with this (he’d rather avoid the FBI). Instead, he is trying to prove a point. His app, which has been tested in several airports all across Europe, has led him to the conclusion that airport lounges only validate travelers with real flight numbers. They don’t cross-check personal information within the code itself.

This is a major security flaw that can be easily exploited by anyone. Travelers could get access to airport lounges and buy products that are exempt from taxes, without having their own flight ticket.
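
The gap described above (a reader that accepts any code carrying a real flight number) next to a check that cross-references the scanned fields against reservation records, as an added example that is not from the original article or from any airline system. The `name|booking_ref|flight|date` payload, the `SCHEDULE` and `RESERVATIONS` tables and every value in them are constructed for illustration and are not the real boarding pass encoding.

```python
from dataclasses import dataclass

# Constructed sample data (hypothetical back end, not a real airline system).
TODAY = "2030-01-15"
SCHEDULE = {"XX123", "XX456"}  # flight numbers operating today
RESERVATIONS = {
    # (booking_ref, flight, date) -> (passenger name, lounge entitlement)
    ("ABC123", "XX123", TODAY): ("DOE/JANE", True),
    ("DEF456", "XX456", TODAY): ("ROE/RICHARD", False),
}

@dataclass(frozen=True)
class Pass:
    name: str
    booking_ref: str
    flight: str
    date: str

def parse_pass(payload: str) -> Pass:
    """Parse the simplified 'name|booking_ref|flight|date' payload."""
    parts = [p.strip().upper() for p in payload.split("|")]
    if len(parts) != 4 or not all(parts):
        raise ValueError("malformed pass payload")
    return Pass(*parts)

def weak_check(payload: str) -> bool:
    """Behaviour the article describes: only the flight number is validated."""
    try:
        return parse_pass(payload).flight in SCHEDULE
    except ValueError:
        return False

def hardened_check(payload: str, today: str = TODAY) -> bool:
    """Admit only when every scanned field matches a reservation record."""
    try:
        p = parse_pass(payload)
    except ValueError:
        return False
    if p.date != today:
        return False  # pass is for another day
    record = RESERVATIONS.get((p.booking_ref, p.flight, p.date))
    if record is None:
        return False  # no such booking on this flight
    name, lounge_ok = record
    # The name in the code must match the booking, and the booking
    # must actually carry lounge access.
    return name == p.name and lounge_ok
```

The weak check passes any payload whose flight field is in the schedule; the hardened check fails closed on unknown bookings, name mismatches, wrong dates and passengers without lounge entitlement.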

Wired’s article explains that “fake boarding passes are hardly a new hacker trick”. And we couldn’t agree more. But what about the QR codes themselves? If hackers can generate QR codes to forge credentials, what is stopping them from creating codes that when scanned can infect your mobile device with a virus? The simple answer would be to scan using a secure QR code reader.

Where can you get a Secure QR Code Scanner?

QR codes are usually accompanied by some sort of contextual information. This not only provides motivation for you to scan the code but also helps you feel safe that the QR code’s link is not malicious. You wouldn’t just scan a random code and hope nothing bad happens.

In any case, if you accidentally happen to scan a QR code that distributes malware, chances are you wouldn’t notice it. Your QR code reader might not be able to check the QR code’s content and determine whether or not it’s safe to open.

In our search for the best QR code scanners out there, we’ve stumbled upon one in particular that outshines the others when dealing with this sensitive issue: Kaspersky’s QR Scanner.

Kaspersky's QR Scanner

Kaspersky Lab is a company that excels at providing IT security services for consumers and businesses alike. Their software catalogue includes an ad cleaner, a password manager, a safe browser and more. They even offer corporate products like file server security and systems management.

Kaspersky’s QR Scanner works as you’d expect: point your mobile device’s camera at the code and the app will do the rest. But instead of giving you the option to open the link in your browser right away, it’ll take an extra second to verify whether the content is legitimate. If it’s not, it will let you know that the link is a phishing or malicious one.

As far as QR code readers go, Kaspersky brought something unique to the table that relates to those who want to be on the safe side after scanning a QR code; all of us, for that matter. Plus, the app is free 🙂

Heading back to the lounge

Przemek Jaroszewski’s experiment poses a problem that needs to be resolved sooner rather than later. Aside from the obvious, which is that lounges are meant to be accessed by VIPs, the real deal here is that through the use of QR codes hackers can achieve a great many things.

Personal information could be retrieved, your device’s storage could get corrupted, mobile payments could be made without your consent… All of this can be prevented by double-checking… or installing Kaspersky’s QR Scanner. No more blindly scanning QR codes!

Lucas Gingles is uQR.me’s Community Manager, Personal Account Assistant and Jedi Knight… Well, he loves Star Wars. Directing plays and short films are his alter ego professions.

4 Comments

  1. ROSA FUENTES 9 months ago

    Great article, important issue. Surprised so few shares and no comments… but on my part, Thanks for bringing this significant safe issue to my attention. Keep up the great posts!

    • Author
      Lucas 7 months ago

      Hi, Rosa! Glad you liked it. I’m truly humbled by your words. Here’s hoping it gets more attention 😀

  2. SophiaRivera 7 months ago

    As per my point of view, QR codes can be malicious and can trigger malicious action. But that QR code will not be the same as the legitimate QR code. If we can see carefully then we can find different patterns between two different QR Codes which provide same links. As of now, QR code risks have limited scope, but when there are more users, there will surely become a bigger risk. I found very interesting information in your article. The video is mind blowing but one question arises in my mind: how to find that some of the advertisings may trick you into visiting a phishing site? There are so many online QR Code Generators & Reader tools available, like AshBox, which can compete with Kaspersky QR Scanner. But is there any functionality available in this Kaspersky Scanner which can find malicious URLs first and instantly inform us?

    • Author
      Lucas 7 months ago

      Hi, Sophia. Your point of view is very insightful. As for your question regarding Kaspersky QR Scanner, we know that the reader itself detects malicious content and warns the user before the redirecting proceeds. I can’t ascertain how it actually works, though.
