Smartphone App Can Reset Subway Cards, Debunks No Such Thing as a Free Ride
There’s been a number of horror stories associated with radio-frequency identification (RFID) and near field communication (NFC) standards over the years. From the idea that random strangers could pick up any signals that, say, your credit card emitted from its embedded RFID chip, to the conspiracy theories about somehow tracking individuals with RFID-enabled clothing, the stories vary wildly, but one thing’s certain: Folks are wary of this technology’s implications. Unfortunately, it appears that New Jersey and San Francisco weren’t too concerned, as their transit systems can be fooled by smartphones fiddling with the RFIDs present in their metro cards, providing unlimited rides.
This comes courtesy of researchers Corey Benninger and Max Sobell, from the Intrepidus Group. The two cobbled together an Android application named UltraReset that uses the smartphone’s NFC capability to check on any data stored on a metro card. They only tested it on the New Jersey Path and San Francisco Muni trains, but postulate that similar systems could be exploited in Chicago, Seattle, Boston, Philadelphia, and Salt Lake City. That’s a pretty significant loophole, and promises to only expand as more and more cities move away from traditional cards.
The worst part is that it’s not a matter of needing new technology to fix this issue as much as it is an issue of properly utilizing the security protocols already in place. The application exploits the Mifare Ultralight chip used in the cards to make it think there are more travel units available, but there’s actually a security system in place to stop this. The chip can flip bits as units are used up, making the whole thing more secure, but this feature apparently isn’t currently implemented.
As far as Benninger and Sobell know, the exploit’s still present even though they, for example, warned San Francisco last December. That’s a comforting thought.