Subway hacker speaks


Popular Mechanics has an interview with [Zach Anderson], one of the MIT hackers that was temporarily gagged by the MBTA. The interview is essentially a timeline of the events that led up to the Defcon talk cancellation. [Zach] pointed out a great article by The Tech that covers the vulnerabilities. The mag stripe cards can be easily cloned. The students we’re also able to increase the value of the card by brute forcing the checksum. There are only 64 possible checksum values, so they made a card for each one. It’s not graceful, but it works. The card values aren’t encrypted and there isn’t an auditing system to check what values should be on the card either. The RFID cards use Mifare classic, which we know is broken. It was NXP, Mifare’s manufacturer, that tipped off the MBTA on the actual presentation.

Comments

  1. Joey Y says:

    Heh. from the rss feed, I thought this article was going to be about hacking subway (pa) speakers… oh well.

  2. m@! says:

    this was one of the most informative slides at defcon 16 imo. if anyone is interested in reading it (and look at pretty pictures) then d/l the defcon cd and check it out. i was truly heartbroken that the speech was canceled but shocked of how it went down. what was originally going to be a standard EFF panel ended up as a press conference for these guys. DEFCON AMBER ALERT!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 91,896 other followers