Ride Subways for Free With Hackers' Android App
A Port Authority Rapid Train travels through New Jersey on its way to the World Trade Center station in New York.
CREDIT: Trevor Logan/Creative Commons
Your Android-powered smartphone may not be able to scramble your eggs or toast your bagel (yet), but it can reduce the cost of your daily commute to $0 — at least in theory.
Researchers have figured out a way to use an Android app to refill contactless fare cards, giving users free train travel.
The trick uses Android's NFC (near-field communications) chip to read and record the information from a full card. Once the card has been spent, the backup stored in the phone can be written back onto the card, eliminating the need to pay fares — ever.
Corey Benninger and Max Sobell, researchers at Intrepidus Group in New York, showed off their proof-of-concept app at Amsterdam's EUSecWest security conference yesterday (Sept. 20). They appropriately named it "UltraReset."
Benninger and Sobell successfully tested UltraReset only on San Francisco's Muni and the Port Authority of New York and New Jersey's PATH train systems, but said other systems that use contactless fare-collection methods may also be at risk.
Benninger and Sobell said the flaw is in the Mifare Ultralight chip found in disposable contactless fare cards, which can be rewritten by just about anybody with the right technical know-how.
Benniger admitted to Computerworld that he is not the savviest developer, but said he was still able to build the program in one night.
"I'm not a coder," Benninger said, "so if somebody knows what they are doing, it is pretty easy to do."
The researchers warned each agency about the potential for fraud, but said they believe the transit systems remain vulnerable to this type of hack. Chicago, Boston, Seattle and Salt Lake City also use contactless card readers on their systems.
A similar app, called UltraCardTester, has been made available to the public to demonstrate the proof. It can read the card but, for obvious reasons, isn't able to rewrite it.
NFC is a subset of RFID (radio frequency identification) technology, the same stuff that powers things like EZ-PASS tolls, computerized inventory systems and retail-store security portals.
Native apps such Google Wallet and MasterCard PayPass use RFID systems to make payments, but the possibilities go way beyond those examples. RFID chips that communicate with NFC-enabled phones can be programmed to launch apps, turn on Wi-Fi, adjust music volume, set alarms or switch to silent mode — all from simply holding your phone next to them.
This story was provided by SecurityNewsDaily, a sister site to TechNewsDaily.