Android NFC hack enables travelers to ride US subways for free, researchers say

The researchers who developed the application said transit systems in other US cities could be vulnerable

By Loek Essers, IDG News Service |  Security, Android, NFC

An adjusted version of the UltraReset app, dubbed UltraCardTester, was made available for download by the researchers on Thursday to enable people to test their local transit system's security. UltraCardTester has the same abilities as UltraReset but isn't able rewrite the card. The function was taken out so people don't abuse it, Benninger said.

The app is, however, able to see if the bits are turned on or not, he added, saying that this gives a good indication whether the system is vulnerable. "But you won't be able to check the back end," Benninger said.

The vulnerability could be fixed relatively easy, according to the researchers. Transit companies could use a more secure chip, or adjust their back-end systems to make sure the bits in the cards are turned on when travel units are used, they said.

"Our purpose is not to rub anybody's nose in," said Sobell. "We just want to raise awareness for an issue that potentially could affect many systems."

Loek covers all things tech for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness