Free Subway Cards

A couple guys wanted to present their findings at DefCon this year. Their presentation was entitled “Anatomy of a Subway Hack”. This was a most interesting topic and presentation. I saw the slides posted from an MIT web site. Let me first give respect to the original authors Russell Ryan, Zack Anderson, and Allesandro Chiesa. Their paper reviewed many ways that the Boston Metro was vulnerable to easy hacking. I thought I would review some of there findings here in the interests of spreading the high level ideas.

These guys found the physical security of the Boston Metro to be weak. They had photos of computer screens which were easily visible to them. They also had photos of times when absolutely nobody was manning the metro surveillance center. These guys had found that metro employees would carelessly leave their IDs laying around. They also reported that much of the metro security uniforms could be purchased on Ebay.

Then the presentation focused on the data stored on a fare card. They determined this by reverse engineering some test fare cards they purchased. This was done with hardware costing a couple hundred dollars. There were a lot of fields stored in the fare card magnetic strip. The ones of interest to me were the ticket number, ticket type, dollar value, number of uses, and the check sum. That list alone sheds a lot of light on the fare card data.

Now on to some other weaknesses discovered by the boys. The fiber network switches that connected the fare card vending machines to the network were in an unlocked room. They had one word on how to make use of these switches: Wireshark. LOL. The guys went on to built a “warcart” that had all the hardware needed to hack the Boston subway. They reported that the police discovered them and they had to retreat. No big deal for that.
Recently I heard that a court is blocking these guys from presenting their information at DefCon. Groups are coming to their rescue citing First Amendment rights. I do not know the outcome of the case. I do know that these guys have seriously done their homework on hacking the metro system. I suspect they have a lot of money on their fare cards at the moment.