Aussie Researchers Crack Transport Crypto, Get Free Rides 88
mask.of.sanity writes "Shoddy customised cryptography by a state rail outfit has been busted by a group of Australian researchers who were able to replicate cards to get free rides. The flaws in the decades-old custom cryptographic scheme were busted using a few hundred dollars' worth of equipment. The unnamed transport outfit will hold its breath until a scheduled upgrade to see the holes fixed."
Re:Killing anonymity (Score:5, Interesting)
More likely it is the Brisbane GoCard or Perth SmartRider - which use the horribly insecure MiFare Classic, which was compromised some years ago and there are 'off the shelf' exploits.
The operator of the Brisbane system even tried to play down [brisbanetimes.com.au] the significance of the MiFare Classic exploit when it was known before launch.
Free rides in adelaide (Score:2, Interesting)
I worked out how to get a free train ride in adelaide, and I didn't even need any custom equipment.
If the trains don't know the time, they stamp an error bit flag on the mag-stripe ticket. The gates that let you out, supposedly only if you have a ticket valid for that time, will let you past if you have an error bit. And there's no time limit.
Any fence can be scaled, but it does not (Score:2, Interesting)
It defines the social border, the socially accepted line.
Crossing this line involves a reaction from the society, which wants to defend its norms.
If I were an Australian General Prosecutor I would suggest 2 -3 years of imprisonment to these group of young researches so that the next time they would think twice before forging public transportation tickets.