Take a picture to (your?) mobile boarding pass
You probably know what a 2D barcode boarding pass is.
As any new technology it is subject to security flaws, not necessarily because the technology is flawed, rather because it can trigger flawed processes. Here's an example.
Airport officials used to check for your boarding pass AND passport when boarding an airplane. Now that we have mobile boarding passes (2D barcode pictures sent to your smartphone via web/email) controls have been relaxed: passengers can now scan their barcode on their own, and board without contextually showing their credentials.
I'm not sure that this is the standard process, but it happened to me more than once: credentials are checked at the security gate without checking the 2D barcode, and the barcode is checked when boarding without checking your credentials.
Can you spot the flaw? I leave that as an exercise for the reader...
The hint: use your smartphone to take a snapshot to a valid barcode (for example YOUR barcode as displayed on YOUR laptop screen), and use the picture for boarding. It works, and this is an action that can be performed at a distance...
The flaw (if you didn't spot it): if the credentials AND the barcode are not checked contextually, they might not match, and you're still allowed to board:
- The boarding pass that you show at the security gate is just a piece of paper printed from a PDF and security officials only check your name and flight number; the barcode can be used to validate that information, but is not used at this time
- The 2D barcode that you show while boarding might no match your credentials (that is, it might not be YOURS!)