Saturday, August 9th, 2008...2:04 pm
Hacking the MBTA!
Some MIT students have been banned from giving a talk at this year’s DEFCON about their hack on the Massachusetts Bay Transit Authority’s CharlieCard system.
I’ve got a copy of their forbidden slides, which I’m mirroring here. It’s a really good presentation, but unfortunately the links to their code in it aren’t working right now.

Anyway, the reason I’m posting this is because I live in Boston and I actually tried this hack last year! Funny thing is that I even own all of the exact same equipment that they use! Their work is far, far more impressive though: where I was just playing with the cards and my reader to see what was on them, they came up with a whole tool suite for reverse engineering the values on the card!

See, I figured that the only hacks on the system would be fuzzing attacks, as the value on the card would surely query a database to check the account’s value and decide whether or not to grant access to the rider. Otherwise, anybody could just buy one card and clone it indefinitely for free rides.
And, apparently, this is exactly how it works! Anybody with <$100 worth of equipment can have unlimited free rides on the MBTA using cloned CharlieCards/Tickets. Sheer idiocy.
Now, the real challenge is the RFID system which I didn’t have the resources to tackle, but these kids are university funded and did some really great work cracking their crypto.
I’m wondering what the MBTA are going to do about this, whether they’re going to beef up security. I honestly doubt it, they simply can’t afford it. Unless some kind of black market appears for cloned CharlieCards, it wouldn’t be worth it for them. Which means that people with the proper equipment could theoretically be getting free rides for a very long time.
Anyway, brilliant job, team!
Rich