The Network Hub

A SearchNetworking.com blog

» VIEW ALL POSTS Aug 11 2008   4:52PM GMT

If MIT students ride your subway system, you’d better beef up network security



Posted by: Shamus McGillicuddy
Tags:
Network
Network devices
Network security

Shocking news: The RFID fare card system that the Massachusetts Bay Transportation Authority (MBTA) uses on its buses and subway is totally hackable.

This past weekend, three Massachusetts Institute of Technology (MIT) students (Alessandro Chiesa, RJ Ryan, and Zack Anderson) were supposed to deliver a presentation at Defcon, a hacker conference in Las Vegas, about how they hacked the MBTA’s “Charlie Card” fare card system. They created software that allowed them to create clones of the RFID cards that could allow them to ride for free on the transit system forever.

They made one mistake. Before delivering their presentation, they met with MBTA officials to warn them about the transit system’s insecurity and to offer tips on how to protect it. The MBTA responded by seeking and winning a court injunction, preventing the students from presenting their findings.

However, the injunction didn’t come through until after the students had already distributed copies of their PowerPoint presentation to all Defcon attendees. Those slides are now available online via The Tech, MIT’s student newspaper.

The slides reveal some very disturbing but unsurprising pieces of information. For instance, the turnstile control boxes in Boston’s subway stations are often unlocked and wide open. High-tech surveillance stations are often left unattended (I’ve seen this myself many times at the Back Bay T station.). Official MBTA materials, such as MBTA inspector coat patches, MBTA hats and MBTA license plates are available on eBay. The students were even able to find an unlocked room where the network switches that connect fare card vending machines to the MBTA’s internal network are located.

Was the MBTA trying to get hacked? Look at the photographs and see for yourself.

This should come as no surprise. After all, this is an organization that is running a $75 million deficit, despite a 27% fare increase in January 2007 and a 6.1% increase in ridership during the last fiscal year. Does anyone expect them to run a tight ship?

Any organization in Boston should be on its toes at all times. MIT is known for its hacking hijinx. Just look at the school’s own website, where you can find a gallery of Interesting Hacks to Fascinate People.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: