MIT Students: ‘T’ Card System Easily Hacked

By on

MIT students seemed to have hacked the Charlie Card System and could obtain free public transportation for life. I’m gonna have to take the Bus down to MIT and get in touch with these guys for an interview. Here’s the full story:

BOSTON — The Massachusetts Bay Transportation Authority has obtained a temporary restraining order barring three Massachusetts Institute of Technology students from showing what they claim is a way to get “free subway rides for life.”

Video: MBTA Blocks Hacker Presentation

The 10-day injunction, ordered by U.S. District Court Judge Douglas Woodlock, prohibited Zack Anderson, R.J. Ryan and Allessandro Chiesa from revealing what they claim are the vulnerabilities of the MBTA’s fare card.

The students claimed they had hacked the security features of the computerized “Charlie Card” and were scheduled to present their findings Sunday in Las Vegas at computer hacking conference.

“The Anatomy of a Subway Hack,” is the description of their presentation on the DEFCON 16 conference Web site.

“In this talk we go over weaknesses in common subway fare collection systems. We focus on the Boston T subway, and we present several attacks to completely break the Charlie Card,” the listing read.

The DEFCON 16 conference annually brings thousands of sophisticated hackers and technology security experts together.

“If what the MIT undergrads claim in their public announcements is true, public disclosure of the security flaws – before the MBTA and its system vendors have an opportunity to correct the flaws – will cause significant damage to the MBTA’s transit system,” MBTA attorneys wrote in their motion for the restraining order.

Anderson said the students never planned to show the public how to hack into the MBTA fare system.

“”We wanted to share our academic work with the security community and had planned to withhold a key detail of our results so that a malicious attacker could not use our research for fraudulent purposes,” Anderson said in a statement posted on the Web site of the Electronic Frontier Foundation.

The foundation, which said it would represent the students in court, said in a press release the students received an A grade from the professor who supervised their project. MIT was named as a defendant in the suit, but did not respond to requests for comment.

source: The Boston Channel

About the author

To Top