Operation Charlie: Hacking the MBTA CharlieCard From 2008 to Present
owl writes:
Archive link: https://archive.vn/Pfc6Q
The CharlieCard is a contactless smart card used for transportation fare payment in the Boston area. It is the primary payment method for the Massachusetts Bay Transportation Authority (aka MBTA or the T) and several regional public transport systems in the U.S. state of Massachusetts. Nearly 15 years after a group of MIT students first publicly disclosed security vulnerabilities in the CharlieCard, I am publicly disclosing that it is possible using only an Android phone to:
- Have a replacement CharlieCard delivered to a listed address, without paying
- Provision a new CharlieCard with funds, without paying
- Steal anyone's CharlieCard with a single physical tap of the card against a phone in a matter of seconds
This post will tell the story of the CharlieCard, complex system design, how vulnerability likelihood and severity can change with rapid changes in technology, the importance of OSINT (Open-Source Intelligence) monitoring and threat intelligence, and the process of responsible vulnerability disclosure to a government agency without a Vulnerability Disclosure Program.
Read more of this story at SoylentNews.