Slashdot Mirror

← Back to Stories (view on slashdot.org)

Aussie Researchers Crack Transport Crypto, Get Free Rides

Posted by timothy on from the dirty-socialists dept.

mask.of.sanity writes "Shoddy customised cryptography by a state rail outfit has been busted by a group of Australian researchers who were able to replicate cards to get free rides. The flaws in the decades-old custom cryptographic scheme were busted using a few hundred dollars' worth of equipment. The unnamed transport outfit will hold its breath until a scheduled upgrade to see the holes fixed."

6 of 88 comments (clear)

  1. The way I read the headline by Ukab+the+Great · · Score: 5, Funny

    Aussie crypto researchers transporting crack get a free ride.

  2. Happening everywhere? by Anonymous Coward · · Score: 5, Informative

    Governments give these contracts to retarded companies, simply because they offer to do it for a lower price than "proper" companies would.

    Same exact thing happened in the Netherlands, Trans Link Systems got the contract for the "Public transit chip card", it was hacked in a week. An improved, "unhackable" version was also cracked when it was released.

    The problem with these companies mostly is that they think security through obscurity actually works, which is pathetic.

    1. Re:Happening everywhere? by Kergan · · Score: 5, Insightful

      The problem with these companies mostly is that they think they've come up with better cryptographic security than tried and tested solutions, which is pathetic.

      FTFY.

  3. Re:This message brought to you by... by hattig · · Score: 5, Insightful

    So shoddy that it worked fine for "decades". As one of the researchers said - it was designed before he was born.

    Even if a few people had previously worked out their way around it, they could hardly mass-market their cloned cards on the market, and thus the number of users was always going to be rather limited - and probably not worth replacing the current system to deal with.

    Now technology has got to the point where the average person could abuse the system, so I guess the system will get an upgrade soon.

  4. Presentation Slides by Catchwa · · Score: 5, Informative

    Can be found here.

  5. Re:Link to the presentation by Anonymous Coward · · Score: 5, Insightful

    Almost guaranteed that the rail systrem is the City Rail, the NSW rail system. Their ticketing system is a nightmare, and has been the subject of multiple botched upgrades over the last couple of decades, costing millions of dollars. The latest plan is to upgrade to London's "Oyster Card" technology (renamed Opal card), but I'll believe it once I see it. The current tickets are just a piece of cardboard/plastic with a magnetic strip. Trivial to read, and most likely (as has been found out) trivial to decode.

    In fact, when you do the numbers, it would be cheapest for the NSW government to abolish ticketing all together. The money saved on the (absence of a) ticking system and the reduction in road use would exceed the current revenue from tickets.