August 20th, 2008 by
Filed under: Transportation, Wireless
No surprise here, but the kids from MIT were (presumably) right all along. The three students who were muffled just before presenting their case at Defcon have finally been freed; the now-revoked gag order had prevented them from exposing insecurities in the Massachusetts Bay Transportation Authority ticket system, but during the same court session, the MBTA fessed up and admitted that its current system was indeed vulnerable. Of note, it only confessed that its CharlieTicket system was susceptible to fraud, while simply not acknowledging any flaws in the more popular CharlieCard option. Pish posh — who here believes it doesn’t have dutiful employees working up a fix as we speak?


August 10th, 2008 by
Filed under: Misc. Gadgets, Transportation, Wireless
Defcon already delivered by exposing California’s FasTrak toll system for the security hole that it is, but that’s not nearly all that’s emerging from the Las Vegas exploitation conference. For starters, a plethora of medical device security researchers have purportedly figured out a way to wirelessly control pacemakers, theoretically allowing those with the proper equipment to “induce the test mode, drain the device battery and turn off therapies.” Of course, it’s not (quite) as simple as just buzzing a remote and putting someone six feet under, but it’s a threat worth paying attention to. In related news, a trio of MIT students who were scheduled to give a speech on how to hack CharlieCards to get free rides on Boston’s T subway were stifled by a temporary restraining order that the university snagged just before the expo. Don’t lie, you’re intrigued — hit up the links below for all the nitty-gritty.
Read - Pacemaker hack
Read - Massachusetts Transit Authority sues MIT hackers
Read - Restraining order on said hackers


August 7th, 2008 by
Filed under: Transportation
Ah, Black Hat. How we adore you. Each year there’s always one speaker who shows up and completely undermines something that most people assume is rock solid. This year, our pals at Hack-A-Day were in attendance to hear Nate Lawson expose California’s FasTrak toll system for the security hole that it is. Essentially, toll transponders that are purchased and slapped onto vehicles offer up exactly no authentication, meaning that anyone with ill will and an RFID reader could wander through a parking lot and lift all sorts of useful information. Think it can’t get worse? The transponders reportedly support “unauthenticated over the air upgrading,” which means that each tag could be forced to take on a new ID if the right equipment were present. We don’t have to spell out “potential disaster” for you, now do we?
[Image courtesy of Mindfully]

