Topic: Researchers crack Daveland state transport system, get free rides

Sionyn
"Shoddy customised cryptography by a state rail outfit has been busted by a group of Australian researchers who were able to replicate cards to get free rides. The flaws in the decades-old custom cryptographic scheme were busted using a few hundred dollars' worth of equipment. The unnamed transport outfit will hold its breath until a scheduled upgrade to see the holes fixed."

http://www.scmagazine.com.au/News/320026,researchers-crack-aussie-state-transport-system-get-free-rides.aspx
eecs guy
 

tom66
Re: Researchers crack Daveland state transport system, get free rides
« Reply #1 on: October 22, 2012, 03:25:01 pm »
Reminds me of my laundry system here at university.

We have cards which we top up using a code given to us after paying £10 (minimum). We go to a machine, enter the code, and the card is topped up.

Of course they are not networked, so how does it do it? It stores two bytes on the card for the top up amount.  :o So with a readily available smart card reader, you can add as much top up as you like.

Also, the online form has a drop down menu for selecting the top up amount, with a minimum of £10. It is possible to edit the form data, and set the minimum to as little as 1p. No input checking from the application.  ???
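
A defensive sketch of the two missing checks described in the post above, as an added example that is not part of the original thread: server-side validation of the top-up amount, and a stored balance authenticated with an HMAC bound to the card's UID. The key, the allowed amounts, the record layout and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed values for illustration only (assumptions, not from the thread).
TERMINAL_KEY = b"constructed-demo-key-not-real-00"
ALLOWED_TOPUPS_PENCE = {1000, 2000, 5000}  # hypothetical menu; 1000 = the £10 minimum
TAG_LEN = 8  # truncated HMAC-SHA256 tag stored next to the balance


def validate_topup(form_value: str) -> int:
    """Server-side check: the drop-down shown in the browser is not a control."""
    if not (form_value.isascii() and form_value.isdigit()):
        raise ValueError("amount must be a whole number of pence")
    amount = int(form_value)
    if amount not in ALLOWED_TOPUPS_PENCE:
        raise ValueError("amount is not one of the offered top-ups")
    return amount


def _tag(card_uid: bytes, body: bytes) -> bytes:
    # Binding the tag to the UID stops a record being copied to another card.
    return hmac.new(TERMINAL_KEY, card_uid + body, hashlib.sha256).digest()[:TAG_LEN]


def encode_balance(card_uid: bytes, balance_pence: int) -> bytes:
    """Two-byte big-endian balance followed by its authentication tag."""
    body = struct.pack(">H", balance_pence)
    return body + _tag(card_uid, body)


def decode_balance(card_uid: bytes, record: bytes) -> int:
    """Return the balance; raise if the record was edited or belongs to another card."""
    if len(record) != 2 + TAG_LEN:
        raise ValueError("bad record length")
    body, tag = record[:2], record[2:]
    if not hmac.compare_digest(tag, _tag(card_uid, body)):
        raise ValueError("balance record failed authentication")
    return struct.unpack(">H", body)[0]


if __name__ == "__main__":
    uid = bytes.fromhex("04a1b2c3")  # constructed card UID
    rec = encode_balance(uid, validate_topup("1000"))
    print(decode_balance(uid, rec))
```

The tag detects an edited or transplanted balance, but it does not stop an old valid record from being written back; that needs state the card holder cannot rewrite, such as a back-end ledger.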
 

