1 min read

Buggy San Francisco E-Tickets Let Android Users to Travel for Free

Bogdan Botezatu

September 25, 2012

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Buggy San Francisco E-Tickets Let Android Users to Travel for Free

Security researchers from Intrepidus Group have demonstrated a vulnerability at the EUSecWest security conference in Amsterdam that lets San Francisco public transportation users travel for free.

According to the researchers, the contactless fare cards in the New Jersey and San Francisco transit systems use the Mifare Ultralight chip that allows anyone to rewrite the card as needed. The system relies on a series of bits that are flipped whenever a ride is used. Corey Benninger and Max Sobell used a NFC-capable Android smartphone and the “UltraReset” application to rewrite data on the card and restore the fare balance to 10.

I can do that over and over again if I chose to,” Benninger said in a quote for Computerworld. “I coded the app in one night,” Benninger said, “and I’m not a coder so if somebody knows what they are doing it is pretty easy to do.

The same contactless payment system is used in other US cities, such as Boston, Seattle, Salt Lake City, Chicago and Philadelphia, but the researchers were unable to test these systems as of this writing. However, the researchers published a modified version of the UltraReset app, called UltraCardTester, to let other users assess whether their transit system is vulnerable to this type of attack.

Our purpose is not to rub anybody’s nose in,” said Sobell. “We just want to raise awareness for an issue that potentially could affect many systems.

The researchers also claimed that the transit companies could fix this vulnerability by simply switching to a safer breed of RFID chips, or by implementing additional checks in the back-end system to ensure the bits in the cards are turned on when all the fares have been exhausted.

tags


Author



You might also like

Bookmarks


loader