Subway hacker speaks

posted Aug 24th 2008 9:30pm by Eliot Phillips
filed under: cons, security hacks

Popular Mechanics has an interview with [Zach Anderson], one of the MIT hackers that was temporarily gagged by the MBTA. The interview is essentially a timeline of the events that led up to the Defcon talk cancellation. [Zach] pointed out a great article by The Tech that covers the vulnerabilities. The mag stripe cards can be easily cloned. The students we’re also able to increase the value of the card by brute forcing the checksum. There are only 64 possible checksum values, so they made a card for each one. It’s not graceful, but it works. The card values aren’t encrypted and there isn’t an auditing system to check what values should be on the card either. The RFID cards use Mifare classic, which we know is broken. It was NXP, Mifare’s manufacturer, that tipped off the MBTA on the actual presentation.

Read

Comments [2]

tagged: checksum, crypto, defcon, defcon16, hacker, interview, mbta, mifare, mifareclassic, nxp, popularmechanics, rfid, subway

Reader Comments

Heh. from the rss feed, I thought this article was going to be about hacking subway (pa) speakers… oh well.

Posted at 10:05 pm on Aug 24th, 2008 by Joey Y

this was one of the most informative slides at defcon 16 imo. if anyone is interested in reading it (and look at pretty pictures) then d/l the defcon cd and check it out. i was truly heartbroken that the speech was canceled but shocked of how it went down. what was originally going to be a standard EFF panel ended up as a press conference for these guys. DEFCON AMBER ALERT!

Posted at 11:42 pm on Aug 25th, 2008 by m@!

Subway hacker speaks

Recent Posts

Reader Comments

Leave a Reply

Hacks

Resources

RSS newsfeeds

Most commented on (30 days)

Recent comments