CharlieCards used to pay MBTA subway and bus fares can be hacked using Android phones, according to a Boston-based cybersecurity expert. Bobby Rauch.
MBTA says that for now, all that can be done to combat this potential threat is to disable fraudulent cards.
According to one person, the algorithm that writes data to CharlieCards can be easily hacked, and tools for doing so are accessible online. boston globe articleEach card contains a Near Field Communication chip, also known as NFC, that enables wireless communication between devices. NFC tracks CharlieCard values. A hacker can intercept the radio signal from one person’s girlfriend’s CharlieCard and copy the data to another person. Both original and duplicate cards work.
Rauch found that Android phones and CharlieCards both contain NFC chips, so Android phones can easily copy data from CharlieCards. This makes hacking much easier than before, when hacking required expensive equipment.
Some Google Pixel smartphones with the same NFC chip as Android can hack CharlieCard. You can download the free app from the Google Play Store to download data from your existing CharlieCard on both Android and Pixel phones and copy it to your new one. The Apple iPhone has an NFC chip, but it does not facilitate this type of hacking.
Data from CharlieCard could be stolen by Android hackers who are close enough to the user to catch the card’s radio signal, Raunch speculates at the Boston Globe. paper.
William Kingcade, Senior Director of Automated Toll Collection, MBTA, said: boston globe He doesn’t worry that many people will try to hack CharlieCards. MBTA’s computer network can detect counterfeit cards, but he estimates about 10 per month.
In 2008, an MIT student discovered a similar security problem with the card.When students planned to share this at a public computer hacking conference, MBTA sued Student and federal court issued gag orderStudents canceled plans to share information at the conference, but civil liberties groups resisted MBTA’s actions. The court reversed the hush order, and he later said MBTA dropped the case and agreed to speak with students about security issues.
MBTA demonstrated a change in approach and worked with Rauch to understand the flaws in the CharlieCard system.
MBTA plans to: Upgrade your fare system Smartphones and contactless credit card payments in 2024.
