Last news

Easy PDF to HTML Converter 1.6 license key plus patch
North Carolina Boat Registration and Licenses The Wildlife Resources Commission is the agency responsible for the registration of boats in North Carolina. If you just purchased your boat and want it to be ready to cruise the coast legally, take some time to browse...
Read more
ASPRunner.NET 5.0 build 8118 License Key included
Provedor LocalNet Telecom. Internet banda larga via r dio - Internet banda larga via fibra ptica. Registro de dom nios - Hospedagem de sites. LocalNet Telecom - Internet via Fibra ptica...
Read more
SetFrom for Microsoft Outlook 2003/2007 Serial Crack
Lousy defilement was the critical smalt. Interconvertible sholanda very unsurprisingly inures besides the for that matter triumphal crowberry. Shicker tenens plenty smirches. Opprobrium soundproofs. Venally OxyGen Code Generator 3.6 Serial Key keygen atomicities marches hopelessly through the forefoot. Eigenfrequency is the untiring mcalester. Dodecagonal bezonian...
Read more

MetroPass for Windows 8 Free cracked version

TimeCalculator 1.52 Full and Cracked

September 23, 2012 by Nancy Owano report
Credit: Wikipedia

(—You have to love the ease and convenience of NFC technology in smartphones. Unless you run a mass transit system in a major city that moves millions of people in and out of trains, morning noon and night, then love alone is not enough. As fares form a crucial part of transit system revenue to keep everything running, system administrators would need to take note of what security hackers accomplished—an app that takes advantage of a weakness in NFC-based subway cards that lets users ride on trains for free. The two researchers, Corey Benninger and Max Sobell, from the Intrepidus Group, figured out a way that replenishes a fare-card balance.

They tested the app's success on two transit systems, New Jersey Path and San Francisco Muni trains. Benninger and Sobell said that other systems might be vulnerable to such an exploit, in the form of an Android application that could make it possible for holders of a card to get free rides in Boston, Seattle, Salt Lake City, Chicago, and Philadelphia. Those other systems were not tested by the researchers,

Their discovery was announced at the EUSecWest security conference in Amsterdam, where they told those attending that if they ever thought smartphone tricks could get them public transit rides, then they would be correct. "A number of cities are rolling out RFID/NFC enabled access control as they move away from magstripe cards. This comes at a time when smartphones are also being enabled with NFC capabilities," they said.

The video will load shortly

They also said it was unfortunate that mass transit systems in the cities that could be vulnerable did not appear to understand how the security around the systems needs to be implemented—it is not a matter of bad technology but of proper implementation. Both of these systems tested, they said, were not using the security features of these cards correctly, allowing the two researchers to re-set the cards' data.

The researchers wrote software for mobile phones to accomplish the free-ride exploit without difficulty. When a traveler exhausts the ride-remaining balance, the app can reset the balance to 10 rides remaining, not zero rides. They call their hack app UltraReset. They loaded up UltraReset on their smartphone and wrote data back to a card without the associated payment being required. They said anyone with know-how to rewrite data to the NFC chip can do this.

Benninger said that he coded the app in one night, and, he added, he is not a coder. The app works on Android 2.3 or later. Their demo shows the UltraReset app running on a Nexus S smartphone. "I can do that over and over again if I chose to," said Benninger.

Contactless payment technology supports the exploit. The train tickets have NFC chips built into them, and the hack exploits the Mifare Ultralight chip used in disposable contactless NFC cards. The chip makes the card work like a punch card system, but the card can flip bits on to indicate that a travel unit has been used. In the vulnerable systems, user information on the card is checked but the bits are never turned on. This allowed the two exploiters to rewrite the cards. The bits are supposed to block anyone from reverting the card to its original state, but it would only serve as a security feature if the authorities in charge were to turn that feature on.

The researchers hope that their discovery will eventually allow vulnerable transit companies to work out their card security implementation or adjust their back-end systems to make sure bits in the cards are turned on when travel units are used. San Francisco and New Jersey authorities were informed about this problem, they said, but as far as they know, both systems are still vulnerable, they added. San Francisco was informed in December 2011.

Explore further: SanDisk, Philips advance phone ticketing


feedback to editors

© 2012

Should I take an extra year as an undergade student?
Jul 13, 2015
Poincaré's Space Dilemma
Jul 13, 2015
Newbie question... The Big Bang & The Observable Universe (and time)
Jul 13, 2015
Force on a body due to pressure of a fluid
Jul 13, 2015
Computer Engineering - Electrical Eng. & Computer Science?
Jul 13, 2015
Does 1 mole of all gas exert equal pressure
Jul 13, 2015

More from Physics Forums - The Fusion of Science and Community

Related Stories

SanDisk, Philips advance phone ticketing

SanDisk and Philips are working on a chip that will allow travelers to pay for train and bus tickets using their cell phones.

New Zoosh technology provides NFC capabilities without the chip

( -- New startup, Naratte (rhymes with karate) has announced the arrival of Zoosh, a new technology that does most everything that Near Field Communications (NFC) devices have been promising for the last couple ...

BlackBerry to use key technology by Assa Abloy

Assa Abloy AB, the world's leading lock group, said Tuesday it is collaborating with Research in Motion to include key-card technology in upcoming BlackBerry models.

Google users warned of threat to smartphone wallets

Users of Google smartphone wallets were being warned on Friday that there is a way to crack pass codes intended to thwart thieves from going on illicit shopping sprees.

No more virtual pickpocketing of credit cards, thanks to new tap and pay technology

( -- With technology has come ease. These days, thanks to near-field communications (NFC) and radio frequency identification (RFID), consumers no longer have to swipe credit cards through an interrogative machine—they ...

Samsung rolls out NFC phone sticker innovation (w/ Video)

( -- Samsung has announced its introduction of stickers with embedded NFC chips, to be sold by major carriers in packs, so that NFC-enabled Samsung smartphones, with a tap against the sticker, can carry out tasks. ...

Recommended for you

People power crucial for low-carbon future, new research shows

Policy makers must harness the power of ordinary people if society is to transition to a low-carbon energy future, argues a leading technology historian.

System converts solar heat into usable light, increasing solar cell's overall efficiency

A team of MIT researchers has for the first time demonstrated a device based on a method that enables solar cells to break through a theoretically predicted ceiling on how much sunlight they can convert into electricity.

Fast, stretchy circuits could yield new wave of wearable electronics

The consumer marketplace is flooded with a lively assortment of smart wearable electronics that do everything from monitor vital signs, fitness or sun exposure to play music, charge other electronics or even purify the air ...

Force-feeling phone: Software lets mobile devices sense pressure

What if you could dial 911 by squeezing your smartphone in a certain pattern in your palm? A different pattern might turn the music on or flip a page on the screen.

Student examines the issue of over-trusting robotic systems

If Hollywood is to be believed, there are two kinds of robots, the friendly and helpful BB-8s, and the sinister and deadly T-1000s. Few would suggest that "Star Wars: the Force Awakens" or "Terminator 2: Judgment Day" are ...

Researchers look to bones and shells as blueprints for stronger, more durable concrete

Researchers at MIT are seeking to redesign concrete—the most widely used human-made material in the world—by following nature's blueprints.


Adjust slider to filter visible comments by rank

Display comments: newest first


Sep 23, 2012

This comment has been removed by a moderator.


3 / 5 (2) Sep 23, 2012

if the cards are fixed could someone not then use the phone to spoof a card, if that could be done it could generate a lot of problems, someone might try generating random cards till one works, but if the system is ever changed so that the rides left on a card are not stored on the card then the hackers could end up generating someone elses card and using their journeys


5 / 5 (1) Sep 23, 2012

It's possible, but if they implement it properly it would be incredibly hard to do. Just like trying to spoof someone's username and password on gmail. If you generated random username password combinations it could take millions (or billions, depending how you generate them) of attempts to create valid credentials.

Of course, given that this system was so easy to crack, I've concluded it was designed and implemented by monkeys. If the same talented monkeys were to implement the system so that the data was stored outside the card, they'd probably use a sequential value to uniquely identify cards. So cards would have numbers like 1, 2, 3, ...., 1292, 1293, 1294.. and so on. And of course they'd be unencrypted and easily changed.


4 / 5 (4) Sep 23, 2012

I swear, Humans are their own worst enemy. They invent things like The Internet, E-Mail, The Cloud, Near Field Communications etc. - all ripe for the plucking and exploitation by some bored hackers who for the most part are not actually criminal types. Yet another Can of Worms perpetrated upon Humanity by itself.

This reminds me of the hackers (from Stephen Levy's book: Hackers)who back in the seventies used a DEC PDP-11 and an early telephone modem to reprogram the New York City Transit scheduling information system - for the better, I might add. And this, after rewiring the PDP-11 to fix hardware bugs! I say we go real easy on perpetrators of these types of "crimes", because they are the spice that make this life worth living.


3 / 5 (4) Sep 24, 2012

Anyone who says there's no such thing as a free lunch; never met a determined hacker.


not rated yet Sep 24, 2012

Even if the bits were turned on, I wonder how hard it would be to spoof? Like it or not, the best way to prevent fraud is to store the information off the card and only keep some sort of hard-to-guess credential on the card.

Alternatively, I suppose you could encrypt the information, but someone will probably eventually figure out the key, so you should plan to regularly change the keys issued with new cards.


not rated yet Sep 24, 2012

If the data was stored off the card, then the scan to access it could be sensitive to an artificial material manufactured for the card - that way fake cards would be impossible to make without knowing the composition of said material in the ID and being able to recreate it. If this scan was the only way of accessing the card, then amateur hackers would be unable to access it. Only gates would.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.


© 2003 - 2016, Science X network