This article was published on August 5, 2016

Hacker sneaks into airport lounges by generating fake QR codes on his phone

Hacker sneaks into airport lounges by generating fake QR codes on his phone
Bryan Clark
Story by

Bryan Clark

Former Managing Editor, TNW

Bryan is a freelance journalist. Bryan is a freelance journalist.

If you’ve ever had to wait hours for a delayed flight you’re fully aware of the difference between slumming it with hundreds of other frustrated travelers, or grabbing a nap, shower or just a nice drink from a first class lounge. Even if you’ve never experienced the latter, the difference should be clear — you always want to be in the lounge.

Przemek Jaroszewski, the head of Poland’s Computer Emergency Response Team (and a frequent flyer) wasn’t able to gain access to the lounge at Warsaw’s airport due to an error. Like any enterprising hacker, he went to work on a solution — a mobile QR code generator that produces a valid QR based on phony credentials he inputs.

Jaroszewski has since tested the creation multiple times at airports all around Europe, and each time it works without fail.

The trick works because most airport lounges don’t cross-check the information provided by the fake QR, instead they just confirm the flight number is real. This hack would potentially allow hackers with economy class tickets to sneak into first class lounges, if Jaroszewski planned to release it to the public.

Unfortunately, he has no intention of doing that.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with