Sunday, August 10, 2008

Sorry Charlie...You've Been Hacked

There's been a lot of hype regarding contactless RFID cards and their security, or lack thereof.  My last post, entitled WarDriving 101 provides a good intro to the following one, which I could've called WarCarting 101


A federal judge on Saturday granted the Massachusetts  Bay Transit Authority's request for an injunction preventing three MIT students from giving a presentation about hacking smartcards used in the Boston subway system.   For the full restraining order click here


The undergraduate students had been scheduled to give a presentation Sunday afternoon at the Defcon hacker conference in Las Vegas that they had said would "describe "several attacks to completely break the CharlieCard," an RFID card that the Massachusetts Bay Transportation Authority uses on the Boston T subway line. They also planned to release card-hacking software they had created, but canceled both the presentation and the release of the software.

U.S. District Judge Douglas Woodlock on Saturday ordered the students not to provide "program, information, software code, or command that would assist another in any material way to circumvent or otherwise attack the security of the Fare Media System." Woodlock granted the MBTA's request after a hastily convened hearing in Massachusetts that took place at 8 a.m. PDT on Saturday.

The Electronic Frontier Foundation, (EFF)which is representing the students, anticipates appealing the ruling, said EFF senior staff attorney Kurt Opsahl.  EFF staff attorney Kurt Opsahl said that the temporary restraining order is "violating their First Amendment rights"; another EFF attorney said a court order pre-emptively gagging security researchers was "unprecedented."  Here's the press release from the Electronic Frontier Foundation: followed by Defcon 16's overview of the scheduled presentation:

The Anatomy of a Subway Hack:
Breaking Crypto RFID's and Magstripes of Ticketing Systems

Zack Anderson Student, MIT
RJ Ryan Student, MIT
Alessandro Chiesa Student, MIT


In this talk we go over weaknesses in common subway fare collection systems. We focus on the Boston T subway, and show how we reverse engineered the data on magstripe card, we present several attacks to completely break the CharlieCard, a MIFARE Classic smartcard used in many subways around the world, and we discuss physical security problems. We will discuss practical brute force attacks using FPGAs and how to use software-radio to read RFID cards. We survey 'human factors' that lead to weaknesses in the system, and we present a novel new method of hacking WiFi: WARCARTING. We will release several open source tools we wrote in the process of researching these attacks. With live demos, we will demonstrate how we broke these systems.

Zack Anderson is studying electrical engineering and computer science at MIT. He is an avid hardware and software hacker, and has built several systems such as an autonomous vehicle for the DARPA Grand Challenge. Zack is especially interested in the security of embedded systems and wireless communications. He has experience building and breaking CDMA cellular systems and RFID. Zack has worked for a security/intelligence firm, and has multiple patents pending. He enjoys building systems as much as he enjoys breaking them.


RJ Ryan is researcher at MIT. His longtime passion for security has resulted in a number of hacks and projects, including a steganographic cryptography protocol. RJ works on a number of technical projects ranging from computer security to operating systems, distributed computation, compilers, and computer graphics. He enjoys learning how things work, and how to make things work for him.


Alessandro Chiesa is a Junior at MIT double majoring in Theoretical Mathematics and in Electrical Engineering and Computer Science. Born and raised in Varese,Italy, he came to MIT with interests in computational algebraic geometry, machine learning, cryptography, and systems security. He has authored papers such as "Generalizing Regev's Cryptosystem", which proposes a new cryptosystem based on shortest vector problems in cyclotomic fields. He is currently working with Oracle's Database Security group.

Disqus for ePayment News