MBTA Drops Lawsuit Against MIT Subway Hackers

The Massachusetts Bay Transit Authority (MBTA) has dropped its federal case against three MIT researchers, “the subway hackers”. This happened in October and now the EFF brings news that the students will be working with the MBTA to improve their system. The overall goal is to raise security while keeping expenses minimal.

This whole mess started in August when a gag order was issued against the students’ presentation at Defcon. It’s a shame no one ever saw it because it covers a lot of interesting ground. A PDF of the banned slides is still online. They performed several attacks against both the subway’s fare system and physical security. Our favorites by far were using GNU Radio to sniff the RFID card’s transaction and bruteforcing Mifare Classic with an FPGA.

Scratch Built RFID Tags


[nmarquardt] has put up an interesting instructable that covers building RFID tags. Most of them are constructed using adhesive copper tape on cardstock. The first version just has a cap and a low power LED to prove that the antenna is receiving power. The next iteration uses tilt switches so the tag is only active in certain orientations. The conclusion shows several different variations: different antenna lengths, conductive paint, light activated and more.

IR Glass Level Detection

[youtube=http://www.youtube.com/watch?v=DG3_2lvoL8A]

[Johnny Lee]’s colleague [Paul Dietz] has done some interesting work using interactive tables. He’s specifically researched how to determine how full a drink glass is. In the video above, he’s using Microsoft’s Surface, but this technique should work with any IR camera based multitouch table. Determining the drink level requires custom glassware that has a small prism inside. When the liquid level is above the prism, light passes through, but when it’s below the top it reflects more IR light back into the table. Using this information, restaurant staff could serve drinks in a more efficient manner.

[Paul] has worked on another project that uses RFID and capacitive sensing to a similar effect.

DIY RFID Implant

[youtube=http://www.youtube.com/watch?v=vsk6dJr4wps]

[Quethe] implanted an RFID chip into his hand so that he can access his handgun safe without having to fumble around for keys or buttons. He’s also planning to do more with the chip, including installing readers so he can access his car without keys. [Quethe] claims that inserting the chip hurts less than drawing blood. From the video he’s apparently using livestock grade equipment for the injection. While we applaud his ingenuity, we’re not sure that the convenience of easier access to guns and cars is actually worth the trouble of putting a chip in your body.

We’ve covered quite a few hackers that have chosen to chip themselves in the past. [Mikey Sklar] did it back in 2005 after constructing a pair of pants to block the signal. [Amal Graafstra] ended up writing RFID Toys after implanting himself. [Larry Pesce] from the PaulDotCom podcast had his chip cloned on stage by [Major Malfunction] at ShmooCon. [Annalee Newitz] had her chip cloned by [Jonathan Westhues] while covering RFID hacking for Wired. It’s interesting to see the practice of DIY RFID chipping gaining traction, and, thankfully, all of the people just listed understand that it’s not a form of security.

[via Boing Boing]

Subway Hacker Speaks


Popular Mechanics has an interview with [Zach Anderson], one of the MIT hackers that was temporarily gagged by the MBTA. The interview is essentially a timeline of the events that led up to the Defcon talk cancellation. [Zach] pointed out a great article by The Tech that covers the vulnerabilities. The mag stripe cards can be easily cloned. The students were also able to increase the value of the card by brute forcing the checksum. There are only 64 possible checksum values, so they made a card for each one. It’s not graceful, but it works. The card values aren’t encrypted and there isn’t an auditing system to check what values should be on the card either. The RFID cards use Mifare Classic, which we know is broken. It was NXP, Mifare’s manufacturer, that tipped off the MBTA on the actual presentation.
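Seen from the verifier's side, the two gaps named above (a 64-value checksum and no back-end audit) look like this. This is an added example, not code from the article, the students or the MBTA; the record layout, `toy_checksum`, the demo key, the card id and the ledger are all constructed assumptions.

```python
import hashlib
import hmac

CHECKSUM_VALUES = 64               # figure from the article: 64 possible checksums
DEMO_KEY = b"constructed-demo-key"  # constructed; a real key lives in a reader SAM/HSM

def encode(card_id: str, value_cents: int) -> bytes:
    """Hypothetical record layout: card id and stored value, unencrypted."""
    return f"{card_id}|{value_cents}".encode()

def toy_checksum(record: bytes) -> int:
    """Stand-in unkeyed checksum with 64 outputs (not the real fare-card algorithm)."""
    return sum(record) % CHECKSUM_VALUES

def mac_tag(key: bytes, record: bytes) -> bytes:
    """Keyed 256-bit integrity tag over the record."""
    return hmac.new(key, record, hashlib.sha256).digest()

def accepts_mac(key: bytes, record: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, record), tag)

def guesses_accepted_by_checksum(record: bytes) -> int:
    """Of all 64 possible check values, how many does the reader accept?"""
    return sum(toy_checksum(record) == guess for guess in range(CHECKSUM_VALUES))

def guesses_accepted_by_mac(key: bytes, record: bytes) -> int:
    """The same 64-guess budget spent against the keyed tag."""
    return sum(accepts_mac(key, record, g.to_bytes(32, "big"))
               for g in range(CHECKSUM_VALUES))

def audit(ledger: dict, card_id: str, value_cents: int) -> bool:
    """Back-end reconciliation: the card's value must equal the server's record."""
    return ledger.get(card_id) == value_cents

if __name__ == "__main__":
    altered = encode("CARD-0001", 10000)   # value changed off-system
    print("checksum guesses accepted:", guesses_accepted_by_checksum(altered))
    print("MAC guesses accepted:     ", guesses_accepted_by_mac(DEMO_KEY, altered))
    # A cloned or replayed card carries a genuine tag, so only the ledger catches it.
    stale = encode("CARD-0001", 500)
    ledger = {"CARD-0001": 200}            # server saw the balance drop to 200
    print("stale tag verifies:", accepts_mac(DEMO_KEY, stale, mac_tag(DEMO_KEY, stale)))
    print("audit passes:      ", audit(ledger, "CARD-0001", 500))
```

A keyed tag closes the guessing problem, but a copied card still verifies, which is why the ledger check is a separate control.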

New E-Passports Cloned


Within an hour, Jeroen van Beek was able to create a successful clone of Britain’s new E-Passport. All he needed was a £40 card reader, two £10 RFID chips, and a small, improvised script. Although the exact details were not specified, it looks like he read the ID on the real passport using the RFID reader, then he wrote it to the two blank chips and put them in the fake passports. There is also a flaw which may allow outright forging of the passports. Nearly all of the 45 countries using the system have not yet registered with the Public Key Directory, which was put in place to make forging impossible.

The government is claiming that this hack is a hoax, but recent reports have shown that these RFID systems were never secure. No matter what the actual truth is about these hacks, it can certainly be said that the ability to clone or forge these passports would be a devastating security issue for every country involved.

[Photo: Digital World Tokyo]

[via The Guardian]