Saturday, 30 August 2008

MIT subway hack a lesson for L.A. Metro?

I just read through the entire dramatic 87-page PowerPoint presentation by the kids world Health Organization hacked Boston's T subway system ticketing organization -- and then got sued for it [via Globe] (they got sued, not me).�



If you've ever wondered how to reverse engineer those magnetic transportation cards to give yourself unlimited funds, or how to use of goods and services sophisticated radio set wave sniffing equipment to crack the turnstile computers (see image), or regular yearned to discover the location of vulnerable network jacks inside open rooms at T stations -- it's all here.



The three students behind the hack, which T officials said could cause "meaning damage to the transit system," volition participate in a federal hearing Tuesday where the T has named MIT as a negligent party in the creation of the offending project.�



You canful understand why the Boston transpo regime would be in hot water: Suddenly the major vulnerabilities of their unexampled and expensive ticketing system are all over the Internet. And worse, the system whose security they were responsible for for was turned into shredded wheat by a bunch of greenhorn engineering students (smart ones, mind you -- but still).�



If you come after the way the students interpret the bar code on the cards, you'll see that the magnetic data they contain is unencrypted. It's sort of like the T's wit reading scheme is built like a closed door -- that someone left unlocked.�



It power be an expensive moral for the T, simply it's probably worth it for the rest of us. Transportation officials all over the place will no dubiety be conducting audits of their possess systems to avoid similar humiliation. And the L.A. Metro system -- which if you're ever been a rider and seen how under the weather enforced its "honors system" riding rules are -- should be the number 1 to peep in the mirror.