Article 6EBN3 NYC’s transit agency disables feature that made it possible to track subway riders

NYC’s transit agency disables feature that made it possible to track subway riders

by
Will Shanklin
from Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics on (#6EBN3)

New York City's Metropolitan Transportation Authority (MTA) announced today that it's disabling the feature" on its website that made it possible to track people's movements by entering their credit card info. The MTA says it's turning off the seven-day history feature for OMNY as part of its commitment to privacy.

This feature was meant to help our customers who want access to their tap-and-go trip histories, both paid and free, without having to create an OMNY account," MTA spokesperson Eugene Resnick wrote in a statement to Engadget. As part of the MTA's ongoing commitment to customer privacy, we have disabled this feature while we evaluate other ways to serve these customers."

b537a220-4836-11ee-97ff-ff0c3a5074f0MTA

The OMNY website included a page (screenshotted above) where passengers could enter their credit card number and expiration date to view their seven-day point-of-entry history across NYC's subways. Although intended to provide convenience for users, it was also a gift for abusers," as Eva Galperin, the Electronic Frontier Foundation's director of cybersecurity, described it to Engadget. Joseph Cox of 404 Media, which originally reported on the security hole, successfully tracked someone's entry points (with consent) using their card info. If I had kept monitoring this person, I would have figured out the subway station they often start a journey at, which is near where they live," Cox wrote. I would also know what specific time this person may go to the subway each day."

The feature opened the door to stalkers, abusive exes or anyone who got a person's credit card to find out where and when they entered the subway. The feature didn't require a PIN or password; although a separate section allowed travelers to create a more secure account, it was buried farther down the page.

This article originally appeared on Engadget at https://www.engadget.com/nycs-transit-agency-disables-feature-that-made-it-possible-to-track-subway-riders-195003276.html?src=rss
External Content
Source RSS or Atom Feed
Feed Location https://www.engadget.com/rss.xml
Feed Title Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics
Feed Link https://www.engadget.com/
Feed Copyright copyright Yahoo 2024
Reply 0 comments