Charlie Cards may soon be virtually worthless
Stand up and take a bow, MBTA. The CharlieCard (actually a MiFare Classic) uses simplistic proprietary encryption that has been broken twice. Had the MBTA spent a few extra clams on the version that uses strong encryption, this wouldn't be an issue- and everyone is screwed, because readers installed in thousands of fareboxes aren't compatible with the better cards.
In a few months (when the research is released), your CharlieCard may be virtually worthless- anyone with a college course or two in electronics will probably be able to read, modify, erase, or clone your card- and it'll be trivial to track you using your card. The MBTA will most likely dismiss it on the false claim that you have to "tap" a card to read it; too bad that the read distance is dependent on the reader (mostly the size of its antenna), not so much the card.
This is the kind of brilliance we can expect from a transit system which still doesn't let you load your card with money online (after all, this puts MBTA money men out of jobs) or see a history of usage (i.e., to verify that you haven't been ripped off- I've been double-charged at gates all the time.) Then there are the gates, which are worse than standard turnstiles in almost every regard, and emit ear-piercing noises to boot.
At least you'll only be at risk for what's on the card (or losing your monthly pass): in other transit systems, the cards can be linked to your credit card!

This is a bit sensationalistic
The MBTA went with what was proven technology at the time -- London's Oyster Card uses the same chip. Also, most of the protection against fraud is probably in the back-end database rather than the card or the gates.
It's not "proven" technology
I don't expect Joe Public to understand it, but for decades it's been proven that proprietary encryption is virtually worthless. It was theorized in the *eighteen hundreds* that cryptography methods should be released publicly to assure that they were secure enough. DES and AES, for example, are completely public and have largely withstood concerted examination by cryptography experts worldwide.
There are two primary reasons why proprietary encryption is worthless: 1) it hasn't stood up to scrutiny of public review, and 2) even large corporations don't have the manpower or talent to devise good encryption. Decades of man-hours by people top in their field are involved. If you want a great example of how even major corporations and industry groups can fuck something up, look no closer than WEP (Wireless Encryption Protocol), which can be broken by someone with a decent laptop and basic UNIX skills in a matter of minutes. WPA/WPA2 are better, but still breakable.
Mifare/NXP/Philips offered a more secure version. The MBTA (and other transit systems) all chose the cheapest option, relying on what we computer people call "security through obscurity", a concept even the most inexperienced security researchers and professionals have recognized for more than a decade as useless. Now their bet has been called.
The danger won't really be from lone hobbyists; it'll probably be from organized crime.
BTW the E in WEP doesn't
BTW the E in WEP doesn't stand for encryption. It's "Equivalent". WEP was never designed to be encryption. In fact the W is for wired, not wireless.
P for Privacy
not for protocol
wow
Amazing how the experts come out when you have a minor and unrelated brain-fart.
I'd fix it, except I can't seem to.
to add a very small silver
to add a very small silver lining...
the stupidly expensive new gates are way better than turnstiles at rush hour. they probably save me 2 minutes a day.
um, that is all...
..Um took you two minutes to
..Um took you two minutes to get through the old turnstiles?...
Never seemed to have that problem… Love how the new ones can freeze up in cold weather, or just flat out reject your card, even after multiple tries, while the gate next to it is fine. The system is very buggy to say the least, and I don’t see how it was thrown into a public beta test with the entire public.
Oh, and BTW, where the hell are the online functions to tie a card to a person, and allow them to consolidate multiple tickets online onto your card? Oh, that’s right, the MBTA promised it, but had no expectation to keep that promise.
You want online top-up and no link to credit card?
You seem to be complaining about the lack of online access to your card whilst also being thankful that the card is not linked to a credit card. Seems a little contradictory.
To put it simply....
This UV Grad student has done nothing more than peel back one of some 1,000 layers covering the smart chip. Fear not CharlieCard holders. You are far more at risk using your debit card at Store 24.
Does anyone here bother to read the links?
You assumed I was talking about the guy who ground down the chip to analyze its circuitry (a common reverse-engineering technique, used mostly by corporations studying each other's ASICs looking for patent infringement.) I'm not. Furthermore:
- There aren't "1000 layers covering the smart chip". Semiconductor structures contain a fraction of that number of discrete layers, particularly for such a simplistic and cheap device. It is necessary to do thousands of slices to get an accurate 3D map of the structure, since you don't know how high/thick individual paths are.
- What the US grad student researcher did was to "map" the chip and reverse engineer the way it works. It's not necessary to do the reverse-engineering to exploit the encryption each time or for each card.
- The circuit reverse-engineering work is in ADDITION to the work done by German groups; German researchers presented their work in December 2006 but left out the majority of details to give time for organizations to move off the technology. They're releasing full details in a few months on how to break said encryption- no physical access to the card required.
But the point is....
At the end of the day, the research conducted by these students won't have any effect whatsoever on a CharlieCard holder. Period. The CharlieCard chip does NOT employ RFID technology.
what??
What do you think is in a CharlieCard, if not an RFID chip?
If your comment was supposed to be a joke, you failed.
Adam, required login for commenters can't come too soon here.
Cracking not demonstrated
There hasn't been a demonstration yet of effective cracking, only a statement that one aspect of the encryption has been broken. The company that makes the card denies that it's been effectively broken. I've written about the issue here.
RFID
Apparently you are not aware of this fact: Not every smart card uses RFID technology. That's a fact, and that's the case with the CharlieCard chip.
Could you explain that further?
When I tap my CharlieCard to the farebox or gate, it doesn't have to actually touch the farebox or gate. It even works through a glove or a wallet. So tell me, if this isn't using radio waves, what is it doing?
Phlogiston
Gotta be the phlogiston.
Duh, Osmosis!
Duh, Osmosis!
I got it
Quantum entanglement.
Gotta be.
How about tunneling?
That would be appropriate for a subway system being run into the ground.
From Wikipedia's page on MiFare
The MIFARE proprietary technology is based upon the ISO 14443 (RFID) Type A 13.56 MHz contactless smart card standard.
It is public knowledge that the CharlieCard is a MiFare Classic or "Standard" card.
Charlie Card uses RFID
Anonymous: The Charlie Card is in fact RFID-based. Perhaps you're confusing it with the Charlie Ticket?
The sky isn't falling yet
I agree that this is a cause for concern, but it's premature to be getting fatalistic about this. We're still a good bit away from the cards even being compromised in theory, and even further away from it being usefully compromised in practice. It's something to watch closely, and I hope the MBTA is sweating this because it's a concern, but the sky's still securely in place for the time being.
You know what form of fare
You know what form of fare media doesn't rely on encryption? Tokens.
you know what form of fare
you know what form of fare media doesn't let 7 people through for the price of one? tokens.
you know what form of fare
you can figure out how much you have of, just by looking at it?
tokens.
On the other hand...
what form of fare media was easiest to abuse? Paper bus transfers, which were rarely marked with time of day and route number, and even more rarely examined when you handed one to the driver.
There were also a bewildering number of paper transfer types, each with their own rules: bus to bus, subway to #39 bus, #39 bus to subway, subway to #49 bus, #49 bus to subway, #1 bus to Orange Line, Orange Line to #1 bus, and finally CT bus to subway (but not the other way).
That's the T, not the paper
I grew up in a city where bus-to-bus transfers were incredibly common and easy to use and even time-stamped. And this was before computers. It can be done.
But your city didn't have bus<->subway transfers at all
until the entire system was converted to Metrocard. They also took a full ten years from selling the first Metrocard to accepting the last token. (The final lagging holdout was the Roosevelt Island tramway.)
That's true
And that was that city's problem. It could have been easily handled - for years, you'd get a bus-transfer-like ticket good for a return trip on the subway on Sunday.
I guess my point was that you don't need a fancy-shmancy RFID-based computer system to allow transfers - just some good policies.
NYC Subway
Having just returned from New York last week, I can attest to the fact that the MetroCard system is smooth in operation. Easy to figure out, easy to use, never saw anyone with a problem. I also had opportunity to use a paper transfer when boarding a bus in Brooklyn, after having been in the subway. No problem there, either.
I'm sure the NYC system isn't perfect, but it puts Boston to shame.
Suldog
http://jimsuldog.blogspot.com
"it'll be trivial to track you using your card"
Brett--it's my understanding that CharlieCards don't store any info on where you've been, just your unique card number.
To connect that number to your ridership history (or payment info, or any other data the T collects about you), somebody would have to hack (or subpoena!) their way into the T's databases. How tough that would be, you'd have to ask Joe Pesaturo.
They could clone your card, though. And if the T ever sets the system up so that your card automatically gets a refill when it gets low, they could sponge off your bank account.
That right?
not quite true
The CharlieCard has to know where you've been most recently. If you're using stored value, the card must know that you've used it to ride a bus within the last two hours, so it can give you the 45-cent transfer to the subway. If you're transferring from one bus to another, it has to know which bus route you started on, so that it can prevent you from transferring to the same bus route again. The bus farebox is not connected in real time to the back-end database, so this information has to be on the card.
Similarly, if you have a monthly pass, the card knows when you last used it to enter a station, so it can prevent you from using it again at the same station within 20 minutes.
If you give your CharlieCard to a customer service agent, she can punch some special code into the vending machine that will display your most recent trips.
i stand corrected
Thanks Ron. I feel better already, knowing that my RFID paranoia is even more justified than I thought it was. *grin*
Do they make you show an ID to get your recent trips? If not, that'd be a great way to keep tabs on what sort of shenanigans your employee/S.O./kid/elderly parent/etc. has been up to. *rolls eyeballs*
show an ID? no
What I've seen is the customer service agent tapping her special employee CharlieCard to the machine, then tapping your card, then entering some sort of PIN on the keyboard. The screen then displays your last 10 or so uses of the card. So, if you went in the wrong side of Central by mistake, she can see that you just did that, and let you in the proper side without charging you again.
I'm guessing that your last trip is encoded on the card, and earlier trips are retrieved from the back-end database.
Asking for an ID wouldn't accomplish much, anyway, since cards aren't currently registered to belong to a particular person.
a way around the privacy policy?
I guess the recent whereabouts of an anonymous CharlieCard (which just happened to be in some particular person's pocket) aren't considered Personally Identifiable Information?
I doubt that means they wouldn't hold up in court as evidence. I can easily imagine police asking for the recent location data from a freshly-nabbed suspect's CharlieCard, or someone presenting their spouse's whereabouts in a divorce case.
From the MBTA's Privacy Policy:
#5. No Unrelated Third Party Is Given Access To Your Personally Identifiable Information
We do not share with unrelated third parties any Personally Identifiable Information that you provide. By “unrelated third parties” we mean anyone who is not involved in providing AFC services, running this Site, or fulfilling requests you make concerning this Site or the AFC System. Personally Identifiable Information that we collect will be disclosed only to MBTA employees, officials or service providers on a “need to know” basis for purposes of fulfilling their responsibilities to the MBTA. They will only use the information to answer your questions, respond to any requests for assistance, and fulfill the MBTA’s operational and legal obligations. Where appropriate, we may provide the information submitted by you to the person or company that is the subject of your inquiry, or to a government agency responsible for the matters referred to in your communication. In cases where we disclose your Personally Identifiable Information to related third parties who work with us to provide you with services, we will require such party to protect your information and abide by this Privacy Policy.