Home / Uncategorized / NFC Hack Allows Free Rides On The Subway

NFC Hack Allows Free Rides On The Subway

Want to ride on the subway for free? While there is no such thing as a ‘free ride’ in life, there is a free ride on the subway when you use an NFC hack. Obviously this is completely illegal, but researchers have no discovered that contactless fare cards in New Jersey and San Francisco transit systems can be hacked using a special Android application and NFC technology.

The researchers demonstrated the method on Thursday at the EUSecWest security conference in Amsterdam. The method is easy, according to the researchers presenting it at the conference, and it can be loaded and reset as many times as they wish.

The original testing was done in 2011, but as far as it is known the vulnerability still exists in contactless systems. While the exploit was only tested in the NJ and San Fran system, many other subway systems also use contactless cards that could be vulnerable to the hacking. This includes cities like Boston, Seattle and Chicago.

So how does this hack work exactly? The hack exploits the Mifare Ultralight chip found in disposable NFC cards, allowing the data to be read and than changed using a special Android app. That’s it.
In order to test the security in your local transit system, the hackers/researchers have released a special version of the UltraReset Android software to the public. This will allow curious users to attempt to see how secure their system is but won’t allow re-writing or resetting for free rides.

This is a pretty serious security issue, and hopefully one that transit systems take seriously. What do you think?

[ source ]



About Andrew Grush

Check Also


Try Oculus Rift And Wii To Roam Around On The Back To The Future Hoverboard

Check out how you can fly in virtual space by using an Oculus Rift and a Wii Balance Board.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>