Click on a label to read posts from that part of the world.
Hack your local subway
Frequent travelers on any metropolitan subway system know that the two major means for fare tracking and billing are via magnetic strip and Radio Frequency Identification (RFID). And every nerd and his RPG character know that those systems can be both readable and exploitable.To see how secure the Boston subway system was, several MIT students decided to run an analysis on the security of the infrastructure; what they found was a little disturbing. By simply wandering into unlocked doors, opening unlocked cabinets and peering around they were able to find keys to the system, get access to network hardware and find and copy employee identification.
On looking into the security of the magnetic and RFID systems, they were able to reverse engineer the code on the magnetic stripes and reconfigure the data to post $653 to a subway card. Similarly, the group analyzed the RFID contents and were able to disassemble the code.
The students point out that numerous transportation systems around the globe use these systems and technology.
Naturally, all of this quite illegal -- the students were just illustrating a point to the MBTA that there are security vulnerabilities in the system that can fairly easily be exploited. Hopefully, they and the company that makes subway infrastructures perks up and makes some serious security changes as a result of this reserach.
Check out the full 87 page presentation on the execution hosted at MIT.
Filed under: Activism, Transportation
Reader Comments (Page 2 of 2)
MICHAEL POLLET Aug 14th 2008 11:56AM
quick solution----turn the dogs on them.no more problems with the punks.
megatronrocks Aug 14th 2008 11:59AM
This is nothing new or shocking. M.I.T. kids were always the ones going around experimenting in Boston. They did the city of Boston a service by letting folks know how easily our so-called security can be hacked and shut down.
The city govt. in Boston is one of the worst I have ever seen in my life. I lived in Boston for 5 years and I saw the administration there do the dumbest things imaginable. Also, Bostonians are some of the most closed-minded people you will ever meet. It is no surprise that the security is so lousy because the people there believe they are perfect, and that there is nothing wrong because THEY don't believe anything is wrong. A lot of damage can be done in that city because of the foolish pride of the inhabitants.
Heather Aug 14th 2008 12:49PM
If you want the same kind of town with less people, come to Huntington, WV- where our city government worships KY and contributes its money to it and our people keep voting them in! :) I feel ya bud-on another note... why is it that you are a genius-you are a nerd? Angelina Jolie played a hacker (hot) and 21 just came out which was semi-true... Most are just jealous of the MIT kids cause you KNOW they're making the money :)
jk Aug 14th 2008 12:27PM
A woman terrorist was just captured in Pakistan yesterday, with maps of the NYC subway system. Guess where she graduated from... MIT, yep, we trained and taught her.
jk Aug 14th 2008 12:32PM
A female terrorist was captured in Pakistan yesterday, with maps and schedules of the NYC subway system. By the way, she is also a graduate of MIT.
joi Aug 14th 2008 12:40PM
What you all seem to forget is these minds are the top of the creme de la creme. This was done to prove to the MBTA that even their best security could be hacked.
Was it wrong, who's to say. But of I were on the MBTA board, I would invite them in to listen to their suggestions. These minds are future leaders...hear them out .
Button Aug 14th 2008 12:42PM
I just love and admire kids. They are SO intelligent!!! Why all the 40 somethings that run things are so stupidly dumb is beyond me. Security?? Not with the younger generation these days....and most of them have no mean agenda. They are just out to prove the governments are so extremely STUPID!!!
Steve Aug 14th 2008 12:48PM
Maybe some think its a joke but 9-11 wasn't a joke and if a terrorist had that info how many people would have died? Personally I thank those who find ways to protect us from our own errors before they cost real lives. Also dungeons and dragons is a cheap shot and attacking magic is playing dirty. I understand though how much it made your head hurt to think of those cute slams.
Dean Aug 14th 2008 1:19PM
Just another day in America.
kurt Aug 14th 2008 1:24PM
I am currently going to college for computer networking. As I take more and more advanced classes, I am becomming afraid of the technology we put out. Example: The business world that holds all of your critical information is going wireless so that there employees can wonder around the building inside or out and have access to those records. As a result, that information is accessable to anyone with a laptop, wireless card and the know how. Its not hard.
Ike Aug 14th 2008 1:26PM
It takes an idiot to fail to appreciate what the MIT students did. They gave the keys to improving security away for free and all you hear is criticism.
They caused no damage and may have prevented a future disaster.
Even if they ALL wear Spock ears as a daily fashion statement, I prefer them to the incompetent people running the show presently.
BJ Aug 14th 2008 1:46PM
Brilliant. Scary, but Brilliant!
Tony D. Aug 14th 2008 1:46PM
O K it's illegal that makes me feel much better. Like with bad guys having guns is illegal. Now if they pass about 100 new laws then maybe bad people wont get into the system. Bad guys or in this day and age woman don't care about your stupid laws. There's thousand of guns coning into this country everyday. Bad people don't OBEY the law.
mbaggett Aug 14th 2008 1:48PM
Why is there no comment thread about the West Helena Arkansas curfew? Why so hands off?
Mike Baggett
Rick Wolf Aug 14th 2008 1:54PM
Bravo MIT !!!. Maybe Tech can prepare business proposals fo every subway system in the world. You know, "For $250,000, we will show you the results 10 days before we publish". "For $2.5m we will fix your system".
Apparently, the ONLY security we have is to say "You attack us, and we level every Iranian mosque and govt building within 50 miles of Teharan." And we MEAN it.
Harry Aug 14th 2008 2:02PM
The world needs more good hackers. (The bad ones are never "brilliant," only cunning.) Those MIT kids need jobs when they graduate. That was a good way to advertise their skills. The Boston Transit Authority has to decide how much it wants to spend to upgrade its security system. At this point only a few brainiacs have successfully reversed magnetic codes on subway cards. Since one of their female graduates was recently involved in a plot to blow up NYC's subway, I hope MIT pays some attention to applicants' moral standards before admitting them.
Mike F Aug 14th 2008 2:09PM
I want them as security at Logan Airport. They do better than Homeland security.These kids deserve credit for their actions.
phil Aug 14th 2008 2:19PM
well duvel patrick and our lovely liberial a-holes here in mass are planning to sue them. They do not want to here what they have to say, after all the crap with the big dig and the billions that has been miss spent, the last thing that the guys up on beacon hill want to here is they have a problem with security. any one who thinks thed democrat party is for the working family needs to come to tax achussetts. the libs. are taxing everything. but the money is going to saleries, not to the bridges that are faling appart, or the schools, or to the city and towns, nope going to our elected officials pockets so the can have vacations, health care, oh and so the elligals can have the same. but deval (governor of mass) or the group on beacon hill do not want any one looking into security problems here in mass. and when some one finds a problem they come out and tell us how it is right, the way it is suppose to be, and the people who found the "none" existent problem will be prosecuted. it is a great system we have here in mass . please lets make deval patrick vice president.
Jan van Eck, CT Aug 14th 2008 2:33PM
Keep in mind that the subway system controllers and software were designed to run the trains, and to be accessible by the MTA personnel, not to keep hackers out. This premise, or point of view, may not be realistic, but let's remember that non-MTA personnel are not supposed to be "entering" the system. Sure, the really sharp kids at MIT can break in, and with their impeccable credentials can probably break into anything on the planet. Is it realistic to design systems with so much protection that nobody can break in? Probably not; you run the risk that the added code makes the system unworkable for the folkis who are actually using it daily. So another obvious solution is for the trains, the signals, the doors, the trunstiles to have "key-over" capability to simply bypass a disrupted system. I suspect they already have that capability.
Melissa in Boston Aug 17th 2008 8:52PM
I must say megatronrocks is right. I went to school in Providence RI where I met my bf at Brown U, I went to Johnson & Wales. We both live in Boston, I work at one of the many high end hotels, he is a MIT Grad Student that also teaches undergrad classes. My bf helped oversee this experiment and now that its public Boston MIGHT do something but I doubt it. I know I used to take the T everyday to work cause I live in Cambridge and work by Boston Public Gardens, Now I'm driving and paying everyday to park because I feel safer doing that(and I drive a car with NY plates in Sox-Land)