MIT Kids: Please come hack us!
Who knew all we needed was some MIT kids to help us get around any future fare hikes.
Apparently, some students at MIT made it a class project to hack the Boston subway system (aka the T). As a matter of fact, the title of the project is: “The Anatomy of a Subway Hack: Breaking Crypto RFIDs & Magstripes of Ticketing Systems.”
Now, the students are computer security majors, so you can see the fit.
They planned to give their 80+ slide presentation at Defcon, a very large security conference.
However, the MBTA sued to have the presentation stopped. A judge issued a temporary restraining order keeping the presentation quiet.
The EFF (Electronic Frontier Foundation) got involved to fight the order.
Anyway, the kids had successfully shown how to generate and reverse engineer CharlieCards and CharlieTickets, the Boston version of MetroCards.
They basically did in a semester what any professional hacker could do, but planned to use it as an educational tool. Sure, stealing rides is illegal, but the bigger issue is that some students were able to beat a system pretty easily.
Makes me wonder what kind of havoc they could wreak with the MetroCard system.



It’s been done. Read here:
http://events.ccc.de/congress/2005/fahrplan/attachments/594-paper_MagneticStripeTechnology2.pdf
Basically, MetroCards (unlike CharlieCards) store their information in an unencrypted, but completely non-standard format. Because of this you’ll need to construct a custom card reader (an off-the-shelf one won’t work), but once that has been completed you can read and rewrite your card, including the card value.
But there’s a catch: The MTA stores your fare in a central database. To speed up fare collection, the turnstile “trusts” your card at face value, but every few minutes it will update its information with the central DB. So you can use your hacked card once, but once the turnstile “phones home” it will notice the difference and add your card to a list of invalid cards. This list is pushed to the turnstiles and stored locally, so you will be rejected next time you try to swipe.
So the question becomes, how can you trick the central DB into believing your hacked card is valid? The MIT presentation doesn’t seem to address this issue.
http://www-tech.mit.edu/V128/N30/subway/Defcon_Presentation.pdf
Perhaps because CharlieCards are encrypted the central DB trusts their value, although this seems unlikely.
These kids were exposing stupidity on the part of a large mass transit management team. They did good. When you slam students or hackers for good hacks, you force them below ground. Narrow minded idiots will prosecute non-malicious hacking because they need to prove they are worthy of their pay and the fact is they could not catch a serious hacker to begin with so they pick the low hanging fruit. We as a nation have to support good hacks. Sooner or later a good hacker will save us in a way nobody can even imagine yet.
Nothing. The Metrocard system is entirely different. The cards sync with the master computer every 7 minutes. The master computer understands the balance of each card. The Metrocard is broken into three “stripes” on the magnetic strip. It records date and time of purchase, original amount, current amount, number of times swiped, time of last swipe, location of last swipe and amount removed in last swipe.
You could alter this data (I seem to remember the encoding scheme is the same as they used to use on older airline tickets) and add extra money, but after the central computer was updated 7 minutes later it’d notice the anomaly of your card (more money than it should have had) and just disable it. So, at most, you can get $2 extra from a card. Being that you need to spend at least $4 to buy one, you’ll break even.
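A minimal model of the design the two comments above describe (the turnstile accepts the card's stored value offline, then the central database flags mismatches at sync time and pushes a deny list back), written as an added example and not taken from the post, the commenters or the MTA. The class names, record fields, amounts in cents and the $2 fare are assumptions for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Swipe:                 # one record a turnstile uploads at sync time (hypothetical fields)
    card_id: str
    claimed_before: int      # balance read off the card before the fare, in cents
    fare: int

@dataclass
class CentralLedger:
    balances: dict                           # authoritative balance per card, in cents
    denied: set = field(default_factory=set)

    def reconcile(self, batch):
        """Check an uploaded batch against the ledger; return cards newly denied."""
        newly = set()
        for s in batch:
            known = self.balances.get(s.card_id, 0)
            if s.claimed_before != known:
                newly.add(s.card_id)         # card disagrees with the ledger
            # the ride happened either way, so the ledger is charged for it
            self.balances[s.card_id] = max(known - s.fare, 0)
        self.denied |= newly
        return newly

@dataclass
class Turnstile:
    deny_list: set = field(default_factory=set)
    pending: list = field(default_factory=list)

    def swipe(self, card_id, card_balance, fare=200):
        """Offline decision: trust the card unless it is on the local deny list."""
        if card_id in self.deny_list or card_balance < fare:
            return False
        self.pending.append(Swipe(card_id, card_balance, fare))
        return True

    def sync(self, ledger):
        """Periodic upload; the pushed deny list is stored locally afterwards."""
        newly = ledger.reconcile(self.pending)
        self.pending = []
        self.deny_list = set(ledger.denied)
        return newly

def demo():
    ledger = CentralLedger({"A": 400, "B": 0})           # constructed sample cards
    t = Turnstile()
    results = [t.swipe("A", 400), t.swipe("B", 5000)]    # B's stripe disagrees with the ledger
    flagged = t.sync(ledger)
    results += [t.swipe("A", 200), t.swipe("B", 4800)]   # after sync, B is refused locally
    return results, flagged, ledger.balances
```

In this model the loss per mismatched card is bounded by the swipes that fit inside one sync interval, so the interval length and the deny-list push are the controls that matter.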
Very cool stuff!