More and more today, it is becoming harder to avoid having some sort of RFID tag in your wallet. [bunnie], of bunnie:studios decided to ease the clutter (and wireless interference) in his wallet by transplanting the RFID chip from one of his subway cards into his mobile phone. Rather than the tedious and possibly impossible task of yanking out the whole antenna, he instead pulled the antenna of a much more accessible wristband with an RFID chip of similar frequency instead. Nothing too technical in this hack, just a great idea and some steady handiwork. We recommend you try this out on a card you haven’t filled yet, just in case.
Reader [Philippe] tipped us off about this video showing a set of subway steps being turned into a piano keyboard (english translation). The creators wanted to make taking the stairs rather than riding the escalator a bit more fun. They added pressure sensors to each step, then covered them with white and black keys to resemble a keyboard. When a passenger puts their weight on a step, the corresponding pitch is played out loud.
We may have lied in the title as this doesn’t really compare to hearing Josh Bell play for pocket change at your train stop. But coming across this setup on an otherwise mundane commute would really brighten up our day.
The Massachusetts Bay Transit Authority (MBTA) has dropped its federal case against three MIT researchers, “the subway hackers”. This happened in October and now the EFF brings news that the students will be working with the MBTA to improve their system. The overall goal is to raise security while keeping expenses minimal.
This whole mess started in August when a gag order was issued against the students’ presentation at Defcon. It’s a shame no one ever saw it because it covers a lot of interesting ground. A PDF of the banned slides is still online. They performed several attacks against both the subway’s fare system and physical security. Our favorites by far were using GNU Radio to sniff the RFID card’s transaction and bruteforcing Mifare Classic with an FPGA.
Popular Mechanics has an interview with [Zach Anderson], one of the MIT hackers that was temporarily gagged by the MBTA. The interview is essentially a timeline of the events that led up to the Defcon talk cancellation. [Zach] pointed out a great article by The Tech that covers the vulnerabilities. The mag stripe cards can be easily cloned. The students we’re also able to increase the value of the card by brute forcing the checksum. There are only 64 possible checksum values, so they made a card for each one. It’s not graceful, but it works. The card values aren’t encrypted and there isn’t an auditing system to check what values should be on the card either. The RFID cards use Mifare classic, which we know is broken. It was NXP, Mifare’s manufacturer, that tipped off the MBTA on the actual presentation.
