“Banned” slides — The Anatomy of a Subway Hack: Breaking Crypto RFID’s and Magstripes of Ticketing Systems

Now this is an exciting DEFCON! I didn’t go this year, but this talk was one of the ones I was eyeing! And it’s gone total bonkers!

The Massachusetts Bay Transportation Authority has sued three MIT students — Zackary M. Anderson ’09, Russel J. Ryan ’09, and Alessandro Chiesa ’09 — and MIT to prevent the disclosure of security weaknesses in subway ticketing systems. The students, who were working under EECS Professor Ronald L. Rivest, were planning to give a talk titled “The Anatomy of a Subway Hack: Breaking Crypto RFID’s and Magstripes of Ticketing Systems” at the DEFCON security conference Sunday. District Judge Douglas P. Woodlock issued a temporary restraining order earlier today enjoining MIT students from “assist[ing] in any material way to circumvent or otherwise attack the security of the Fare Media System.”

A copy of the presentation, which was distributed at DEFCON, is available here: Defcon Presentation (PDF).

WOW! The WarCart rules!

6 thoughts on ““Banned” slides — The Anatomy of a Subway Hack: Breaking Crypto RFID’s and Magstripes of Ticketing Systems”

  1. figgalicous says:

    If mooninites cause panic, pushing this thing around is likely to get you a trip to Guantanamo. Can’t this setup be slimmed down or split up to fit into multiple communicating containers (backpack, suitcase, etc.) for team play? I know that it won’t get through turnstiles or down stairs, so I guess that it is supposed to sniff & clone RFIDs of passing transport users? It wasn’t clear in the PDF.

  2. zof says:

    Someone will mistake you for a homeless guy with a bunch of junk in his cart if you dress right. Fact is most of the public/law enforcement doesn’t know what any of that stuff is and will just assume you had a good dumpster dive and are on the way to the recyclers. Heck, you might even get handouts from the same people you steal data from :D

  3. Jon Anderson says:

    Looking through the presentation, you see that everything can be done subtly. Once they discovered that you could enter restricted areas and interact with equipment you shouldn’t even with actual workers around, they brought up the cart as a way to see how far you could push it.


current: @adafruit - previous: MAKE, popular science, hackaday, engadget, fallon, braincraft ... howtoons, 2600...

View more articles by Phillip Torrone
