Subway Hacker Speaks

Popular Mechanics has an interview with [Zach Anderson], one of the MIT hackers that was temporarily gagged by the MBTA. The interview is essentially a timeline of the events that led up to the Defcon talk cancellation. [Zach] pointed out a great article by The Tech that covers the vulnerabilities. The mag stripe cards can be easily cloned. The students we’re also able to increase the value of the card by brute forcing the checksum. There are only 64 possible checksum values, so they made a card for each one. It’s not graceful, but it works. The card values aren’t encrypted and there isn’t an auditing system to check what values should be on the card either. The RFID cards use Mifare classic, which we know is broken. It was NXP, Mifare’s manufacturer, that tipped off the MBTA on the actual presentation.

2 thoughts on “Subway Hacker Speaks

  1. this was one of the most informative slides at defcon 16 imo. if anyone is interested in reading it (and look at pretty pictures) then d/l the defcon cd and check it out. i was truly heartbroken that the speech was canceled but shocked of how it went down. what was originally going to be a standard EFF panel ended up as a press conference for these guys. DEFCON AMBER ALERT!

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.