[ISN] MIT Subway Hack Paper Published on the Web

From: InfoSec News <alerts_at_private>
Date: Tue, 12 Aug 2008 14:25:00 -0500 (CDT)

By Chloe Albanesius

Massachusetts transit officials were skeptical that three MIT students 
were providing them with their complete presentation prior to Defcon, 
but an analysis by a security consultant said that the conference 
presentation alone was not enough to help someone hack the Boston subway 
system and get free rides for life, according to court documents.

Zack Anderson, R.J. Ryan and Alessandro Chiesa, undergraduate students 
at the Massachusetts Institute of Technology, were scheduled to present 
their paper about vulnerabilities within the Boston transit system at 
Defcon on Sunday, but the Massachusetts Bay Transit Authority (MBTA) 
successfully secured a 10-day restraining order against the trio on 
Saturday, and their presentation was cancelled.

Specifically, the students had uncovered vulnerabilities within the 
magnetic stripe and RFID card payment systems used for Boston Charlie 
Cards and Charlie Tickets.

The MBTA's "Charlie Ticket" is vulnerable to cloning and forgery 
attacks, according to a summary of the project submitted to the MBTA.


Visit Defcon Pics - Defcon Memory Repository 
Received on Tue Aug 12 2008 - 12:25:00 PDT

This archive was generated by hypermail 2.2.0 : Tue Aug 12 2008 - 12:44:06 PDT