Another group cracks CharlieCard security
By adamg on Wed, 10/08/2008 - 8:50am
ArsTechnica reports Dutch researchers claim to have broken the encryption used to protect information on CharlieCards and similar systems:
... The group at Radboud carried out its investigation with the help of Ghost, a tag emulator, reader, and eavesdrop device that they built for around 40 euros. ...
The company that makes the CharlieCard system has come out with a more secure encryption system, but it's more expensive and making it backwards compatible with older readers actually introduces more vulnerabilities, ArsTechnica writes.
Topics:
Free tagging:
Ad:
Comments
Paper taken down?
The ArchTechnica article links to http://www.sos.cs.ru.nl/applications/rfid/2008-eso... , but that web server no longer exists.
No, it's still up...
... I just downloaded the paper.
This is now redirected to the host at Radboud University's Faculty of Science; it's the Digital Security section.
I suspect that the original CS department server was slashdotted and they moved Digital Security to the larger-capacity server.
The Vendor Owns This
It would be interesting if the T sued the vendor and made them provide as secure a system as they orginally promised/sold to the T.
I'd love to see all the sales presentations they made, their proposals, etc. Because the vendor was either over optimistic and oversold the security of the product, or the people in charge of buying the system didn't understand what they were doing or buying and didn't do Teh Google to learn.
Maybe the MBTA
can just start making its own currency again and people can "invest" in the public transportation system again!
Token effort?
Wouldn't that be just a token effort? Instead of dividends, would you get never returns?
Should Mifare be run out of town on a rail?
And if so, what kind of system would we transfer to? Will the T throw NXP Semiconductor under the bus?
And the occasional ham
And the occasional ham sandwich thrown through the window; tuna fish on Fridays....
Mifare cracked
I thought Mifare being cracked by the Dutch was old news by now... like, news from last year...