CharlieCards

Charlie came to life today, ambling about town to promote Charlie Cards and the new air-conditioned Charlie service center at Downtown Crossing.

At the Public Garden, Charlie posed with tourists and handed out CharlieCards as souvenirs to little kids who had no idea what to do with them. "It's a CharlieCard!" T General Manager Jonathan Davis helpfully told one tot.

Then, once enough tourists had shown up, Charlie got on a Swan Boat and went for a ride. We didn't stick around to see if he ever returned, no, we don't know if he ever returned.

Ed. note: Don't worry: The Mass. Bay Credit Union paid for the suit, which has a built-in fan and a vent in the hat, but which still proved to be wicked hot enough on a day like today to force Charlie to take periodic breaks and take his head off.

First, get some acetone.

H/t AlertNewEngland.

Boston to a T snapped this fare machine at Park Street today. In a word: Wha?

The Boston Business Journal reports the MBTA plans to go ahead with an idea from a local startup - which the T says, however, is not guaranteed the contract to implement it all.

Ed. question: Didn't the old T passes sometimes have ads on them? The article doesn't answer the question of how to avoid Coraline-like ads on cards designed to last a decade.

A concerned T rider files this report via e-mail:

CharlieCards seem to be expiring today in spite of the promised extension.

This morning, my everyday card with a monthly pass on it came up as "EXPIRED" and wouldn't let me in. The attendant at Davis said that this was happening a lot - he gave me a new card, told me to go to Downtown Crossing to get the pass transferred over, and to tailgate someone to get in this morning.

A dozen or so of my co-workers have mentioned having the same thing happen today. Did the promised extension not happen? I thought my card's expiration had been reset to some time in 2013, but I can't even check any more - the fare vending machines immediately refuse to have anything to do with an expired card. I'm wondering if the card expiration the FVM displays got updated, but some other expiration date didn't. Similarly, the card has disappeared from the my account in the online MyCharlie system entirely.

CharlieCards have a five-year expiration date, as Ron Newman discovered. Since they were introduced in late 2006, that means lots of them are going to be expiring soon. Any value you have left on an expired card won't just go poof, however. MBTA spokesman Joe Pesaturo says:

T riders may have the value on their expiring cards transferred to a new one at the T's Customer Service windows at Downtown Crossing (in the underground corridor across from Macy's). We'll be launching a public information campaign very soon.

UPDATE: Pesaturo adds: "Customers with stored value only on their CharlieCards need not worry. Their CharlieCards will be good for another two years past this fall's expiration date."

Kathleen proposes:

Limited edition Charlie(Sheen) Cards to get the MBTA out of debt. It could work. Brilliantly.

Afertig suggests an enhancement:

Should blare "Winning!" when you tap your card instead of beep.

Harold M. Clemens reports he wanted to reward a cool harmonica and guitar player on an Orange Line platform at Downtown Crossing yesterday, but realized he couldn't, because he had no change:

... in an instant I recognized what must be an externality - Charlie Cards have likely put a pinch on pan handlers, curb-side musicians and others. to be more specific: since automated machines have obsoleted the exchange of petty cash at train stations, passengers probably have less exchange change, if any at all, to give to impromptu performers.

that's kinda messed up and not only because of the human element of it. curb-side performers are often good entertainment and pleasant background noise while waiting for transportation. it's safe to say they've become hallmarks of many major cities. ...

For your basic crime-obsession needs, nothing beats MassMostWanted, where you get a daily dose of ne'er-do-wells doing, well, ne'er. Of late, I've noticed a common theme among many of the reports on people wanted for stealing credit cards, such as this report:

Arlington has had 3 motor vehicle breaks where wallets were stolen and the credit cards were used in Boston and Cambridge. The suspects use the cards to purchase Charlie Cards on the T, travel into South Boston, use the cards at 7-11 stores and gas stations to purchase cigarettes, Marlboro and Newport. They then take the T back to Cambridge where they use the cards in Harvard Square, C'est Bon Market, 7-11's and Hess Gas.

Complete with photos of a couple of the alleged perps at a T stop.

Step-by-step directions - acetone is involved.

Funktionslust reports that if you put a CharlieCard in acetone for about 20 minutes, all of the plastic dissolves and what you're left with is some strands of copper (which act as an antenna) and the RFID chip that does all the magic. Photo.

Tomorrow, she plans to try it out to see if it still works.

UPDATE: It does.

Bess Lomax Hawes, who wrote "Charlie on the MTA," has died at age 88, the Globe reports.

More versions:

CharlieCard Discount Book.

Via BostonTweet.

The Executive Office of Transportation says that, effective immediately, student CharlieCards on the T are now good until 11 p.m. on weekdays - three hours longer than before, in a program aimed at letting kids participate in after-school programs that run late.

The office also says it is looking at creation of a new Youth Pass - available to anybody through age 21.

The T reports CharlieCard users can now renew or replenish their cards online, by setting up a MyCharlie account.

The new system lets monthly pass holders have their cards get renewed automatically and lets users get replacement CharlieCards for lost or stolen cards. T General Manager Dan Grabauskas said:

With this new technology, customers who register their CharlieCard receive a replacement free of charge. That was a legitimate customer concern that today is an issue of the past.

Doug reports how he got two monthly express-bus passes for the price of one, thanks to a quirky card vending machine.

This morning, NONE of the faregates at North Station subway were accepting monthly passes. Instead, they had a single CSA manning the 'Reduced Fare' faregate, and you flashed your pass at them as you went through.

Also, the ticket machines were apparently not accepting debit cards today, as the single CSA at the gate was yelling to people who were having problems with the machines. And yes, there were no other CSAs in sight near the machines to actually help those people who had trouble.

Let's say you're using the toilet and as you get up, but before you flush, you realize your CharlieCard has somehow fallen into the bowl. Do you retrieve it?

ArsTechnica reports Dutch researchers claim to have broken the encryption used to protect information on CharlieCards and similar systems:

... The group at Radboud carried out its investigation with the help of Ghost, a tag emulator, reader, and eavesdrop device that they built for around 40 euros. ...

The company that makes the CharlieCard system has come out with a more secure encryption system, but it's more expensive and making it backwards compatible with older readers actually introduces more vulnerabilities, ArsTechnica writes.

Maybe a slight exaggeration, but this completely caught me off guard. Charlie Card = Discount Card, and the discounts aren't bad at all.

"Just show your CharlieCard to save!

Take a look through our new CharlieCard Discount Book below - it's packed with deals you can't pass up - from arts and entertainment options, restaurants, retail stores, health and fitness services, and more! Plus, most of the listings are easily accessible by the T.

-If you don't have a CharlieCard, you can purchase a pre-loaded card here, pick one up from our MBTA Customer Service Agent, or get one at our T sales offices at Back Bay, Downtown Crossing, Harvard, North Station and South Station. And start enjoying great service and great deals while using your CharlieCard!"

www.mbta.com/riding_the_t/CharlieCard_Discount_Book/

And please no bitching about how the MBTA could have used the money elsewhere, it's likely this didn't cost them a dime.

Seems the software behind CharlieCard readers was built in Microsoft Visual C++. And guess what? It's not immune from crashing. Zeroday posts the photographic proof from the Central Square station.

Associated Press reports they can now talk about their own documents, the ones the MBTA put into the public record, on insecurity at T stations and with the CharlieCard and CharlieTicket system.

Via Dave Wieneke.

Electronic Frontier Foundation: The Court found that the MBTA was not likely to prevail on the merits of its claim under the federal Computer Fraud and Abuse Act.

Dan Kennedy: [N]ot much of a victory for the First Amendment:

... It makes a mockery of the principle that prior restraint is to be reserved only serious issues of national security, obscenity and incitement to violence.

EVIL MIT HACKER steathily infiltrates the T with EVIL MIT HACKER SHOPPING CART (Source).

In focusing on the OMG EVIL MIT HACKERS angle (but also, to give them credit, the First Amendment/prior restraint angle), the media are completely overlooking the first part of the students' presentation, which discusses how easy it is to get on the T for free without using EVIL MIT HACKER WAREZ, such as, for example: Walking through unattended Charliegates and Green Line rear doors, looking through the windows in those high-tech all-seeing security kiosks, walking into unlocked rooms at Park Street that house switches connecting Charliegates to the MBTA network, etc. In case you missed it, Kaz has more.

For some reason, Dan Grabauskas doesn't seem upset about this, or maybe reporters just aren't asking him about it, because it's not as sexay as OMG EVIL MIT HACKERS or they haven't actually read the presentation themselves, or both.

UPDATE: The MBTA won a temporary restraining order that will keep the students from discussing their findings. Read the judge's order (in PDF). Read the MBTA complaint (in PDF).

Wired reports the T wants to stop three MIT students from giving a talk at a hacker convention this weekend on their efforts to crack the CharlieCard system.

The transit authority, known as the MBTA, is also seeking to prevent the students from "publicly stating or indicating" that electronic passenger tickets used on the transit system have been compromised until the MBTA can fix security flaws in the system. It further seeks to bar the students from releasing any tools or providing any information that would allow someone to hack the transit system and obtain free rides.

A hearing is scheduled for 11 a.m. in U.S. District Court in Boston on the T's request for a temporary restraining order to keep Zack Anderson, RJ Ryan and Alessandro Chiesa from giving a talk at the DefCon conference in Las Vegas on Sunday on The Anatomy of a Subway Hack: Breaking Crypto RFID's and Magstripes of Ticketing Systems:

In this talk we go over weaknesses in common subway fare collection systems. We focus on the Boston T subway, and show how we reverse engineered the data on magstripe card, we present several attacks to completely break the CharlieCard, a MIFARE Classic smartcard used in many subways around the world, and we discuss physical security problems. We will discuss practical brute force attacks using FPGAs and how to use software-radio to read RFID cards. We survey 'human factors' that lead to weaknesses in the system, and we present a novel new method of hacking WiFi: WARCARTING. We will release several open source tools we wrote in the process of researching these attacks. With live demos, we will demonstrate how we broke these systems.

Human factors? So they managed to sweet-talk some T employees to inadvertently help them out.

Anderson told the Register the trio initially contacted the T to offer their help in fixing the vulnerabilities and that they weren't planning to release specific enough details to let somebody else replicate their feats.

Montreal's transit authority is replacing its paper tickets with a CharlieCard-like system. Chris DeWolfe, a reporter at the Montreal Gazette, is writing a story about the new Opus Card (OK, I really have no clue if it'll feature a penguin):

Part of my story will look at how the names of smart cards in other cities have been derived from or have become part of the local pop culture. Naturally, I'm very interested by the CharlieCard.

So, what do you think about the T naming its pass after a character in a song protesting the T's predecessor? I told him the song is such a part of local character, the question is almost more how could the T even think of naming it anything else, but what do I know? You can e-mail Chris with your thoughts on the name or post them here.