Smart-card hackers expose dumb flaws
College students crack a relatively simple code in frequently used access technology to expose major security weakness.
Jenni Spinner -- Consulting-Specifying Engineer, 8/26/2008 9:37:00 AM
Three Massachusetts Institute of Technology (MIT) students hacked into Boston’s mass transit system earlier this year. Once in the system, they cracked the flimsy code guarding the data, enabling users to add money to fare cards without paying a penny. The act adds up to more than a prank—it exposes the inherent weakness in a security technology used in door-swipe badges, fare cards, and other security and access systems worldwide.
In 2006, the Massachusetts Bay Transportation Authority (MBTA) spent nearly $200 million upgrading its fare collection system. Because the Mifare Classic chip the new system uses a quickly crackable cipher (as demonstrated by the MIT students), MBTA officials are faced with the possibility of having to scrap that system and spend yet more revenue on a new, better-guarded technology.
Other departments have responded to the exposed security flaw. In the United Kingdom, London Underground officials installed a stopgap measure to secure the system while a permanent upgrade is being developed. In the Netherlands, government officials have placed security guards at doorways once guarded only by smart cards.
-
Why don't they get the MIT kids to write the code...so its unbreakable
Regulus Mavin - 9/26/2008 12:13:00 PM CDT
Industry Roundup
10/20/2009China, U.K. Leading Design Markets
03/31/2007Energy analysis software
08/12/2008
