By adamg on Thu, 08/14/2008 - 12:58am Janice Loux distributes a report by those MIT students, calls for an external audit, the Globe reports. Neighborhoods: Topics: The TFree tagging: MIT, CharlieCard Tweet WidgetFacebook Like Comments I'm not surprised I recall reading somewhere that the MBTA could have bought the more secure version of the CharlieCard system (reference, anyone?), but went with the cheaper one. I figured this was the primary factor in the MIT hack. You get what you pay for. As a rider, I mostly like Charlie Being able to buy any pass, at any station, at any time = Good Wide gates that I can roll a bicycle through = Good Single fare for all subway rides = Good Free bus-to-bus and subway-to-bus transfers, 45-cent bus-to-subway transfers = Good Not having to carry pocketsful of exact change for bus rides = Good Fare vendors that (usually) accept credit and debit cards = Good Flimsy CharlieTickets that don't read well as they get old = Not Good Credit card and debit cards sometimes failing in vending machines = Not Good Express bus and commuter rail passes still on CharlieTicket instead of CharlieCard = Annoying Feeding dollar bills and coins into the new fareboxes = Very Bad I dunno what subway you take... Being able to buy any pass, at any station, at any time Not on the Green surface stops. Wide gates that I can roll a bicycle through Not on the Green line and not on the other lines during rush hours Single fare for all subway rides Unless you use cash or CharlieTicket, then it's more Transfers... No argument there. If there's only one thing that the new system did right, it's tracking your transfers...well, unless you step out of the stop and try and go back in No exact change for buses Unless your card is empty, then you get to stand there holding everyone up while you tap, push, insert, push, tap, push, tap like it's a Dance Dance Revolution game Fare vendors accept credit/debit Unless it's the first/last day of the month, you know, when everyone needs it to work right. Or one of the ones that says it doesn't take credit/debit...with 3 tourists trying to figure out what's going on. Also, the green line frequently doesn't empty the fare boxes so the dollar bill holder fills up (especially around the start of the month when monthly passes die before you think about it to renew it). Then you're standing there with no way to put money on your card and no way to pay your fare. Often this means a free ride (mark this down as another "hack" of the system if you ride the green line). I take mostly the Red Line and I realize that bicycles are not allowed on the Green Line, but that doesn't have anything to do with the Charlie system. By that logic Then by that logic, you also didn't need the Charlie system in order to get wide enough gates to roll your bike through. A token can open a gate just as easily as a tap card. Bicycles and turnstiles It was a real pain to bring a bicycle onto the Red (or Orange or Blue) Line with the old turnstiles. Either I had to lift the bike over the turnstile, or I had to leave the bike on the outside, walk through, and then open the service gate to get the bike, or I had to bother a T employee to have the service gate opened for me. With the Charlie system, all I have to do is use the wide gate. What I say for bicycles also applies to fold-up ('granny') shopping carts, strollers, walkers, wheelchairs, wheeled suitcases, etc. Right I understand that. What I'm saying is that your new found ease of use is a function of replacing turnstiles with electronic gates, not a function of the CharlieCard system that opens the gate. A token in a slot could just as easily open the same gate had they chosen to replace the turnstiles before implementing a tap card system. If bikes on the green line isn't a function of the CharlieCard system as you rightly point out, then crediting the CharlieCard system with making it easier/better for you to bike onto the Red Line is hardly much more fair. It was happy coincidence. That's all I was trying to say. I more than recognize that the implementation of the CharlieCard system enabled the replacement of the turnstiles however. Unless it's the first/last Unless it's the first/last day of the month, you know, when everyone needs it to work right. Or one of the ones that says it doesn't take credit/debit...with 3 tourists trying to figure out what's going on. Then why not buy your monthly pass some other time? You can start purchasing them starting 15 or so days before then next month... or you can have them send you a new one each month in the mail. Just an idea. Payroll deductions and funny debit cards Some people get their employee transit benefits in the form of a credit or debit card that receives its money on the first day of each month. The employees have to use the card on that day to buy that month's pass. Cynical Quite frankly, I really feel like regardless of how the T encodes any magnetic strip/computer-based system, some MIT kid(s) will find a way to hack into it. If they can get a fully-assembled police car onto the roof of their Great Dome, or can sneak into Harvard Stadium and hide a weather balloon under the turf at the 50-yard line and rig it so that it emerges during the Harvard/Yale game, they can certainly find a way to compromise the Charlie Cards. Too much credit The nice thing about good encryption is the computer can do the algorithm necessary to read the encrypted data because neither the card nor the computer needs to know enough to actually solve the algorithm. That makes it impossible to see what's going on if it's encrypted properly. The only option then is to try and brute force the method by trying all possible combinations until you can start to line up a few possibile algorithms. For example, if you know that A=1, B=2, and M=13, then you can probably deduce that Z=26. But if all you know is A, B, M, and Z are possibilities, you're going to have to try A=1 and B=2 as well as A=26 and B=25 as well as every other combination of numbers and letters. Now, what that meant for the MBTA was that they used a 6-bit checksum for validation. 6 placeholders each that could equal either 1 or 0. That means 2*2*2*2*2*2=64 possibilities. You could encode 64 cards with the same amount of money and all of the different checksums possible on each card...and eventually you'll find the checksum that equals that money amount's validation code and the card will read correctly....all without knowing anything about the algorithm! That's why *real* encryption these days isn't 6-bit, it's 256-bit. Without going into the details, 256-bit encryption won't likely be brute forced in the lifetime of our sun. There are just too many possibilities. As the MIT students point out, you don't even need to go to that length for protection of a fare card. Even 16-bit would mean over 65,000 possible checksums to try and would keep the fare system from being gamed by brute force. Wow. I think my mind just exploded. I'm a right-brainer (my left brain retired ages ago), so all this information is Greek to me. But I'll take your word for it. I'm just saying MIT kids are wicked smaht, and I feel like they could find a way if they wanted to. I mean, if life could find a way to reproduce with all females in Jurassic Park, MIT students can find a way. That's right, I trust anything I see in the movies. :-) Another way to think about it If MIT students could hack a modern encryption scheme instead of the garbage employed by the MBTA on CharlieTickets...then they'd also be smart enough to use that knowledge to rob your bank account instead of trying to create a few hundred dollar MBTA cards. :) I suppose... ...but if they actually did do all the hard work to hack into my bank account, they'd be sorely disappointed when they find out how much money is actually in there. If they want to try, fine. But they'd better prepare for nothing more than a meal at Arby's and a two-night stay at the luxurious Motel 6. I guess what I was getting at is that someone, somewhere, had to have come up with the enhanced encryption to begin with, and who better to hack into that than MIT students? I could be wrong. But again, I know nothing about encryption other than that I'm happy when I see that precious "s" after the "http." Even though I know there's a chance it's not actually "s." Other transit fare systems have security problems, too The Magic Metrocard Machine! Three pals stumbled on a MetroCard machine in [NYC] Penn Station that gave them free fares - and they milked it for $800,000 over nearly three years before the MTA caught on, authorities said yesterday. 6 Jailed In Metro Farecard Scheme [DC] Metro Transit Police have arrested six people in an elaborate fare card scam that has so far netted the agency $16,000 worth of stolen Farecards, officials said yesterday. The investigation is ongoing, and officials do not know how much the counterfeit operation has cost the agency. These are both from within the past month. Security problems: Not surprising. That's why I always use cash, as opposed to plastic, when I update my Charley Card. I do admit that having the Charley Card makes things easier. Having it is more convenient than having to line up at the machines. This has nothing to do with This has nothing to do with the system security in respect to your credit card. This almost has nothing to do with the system itself (except for the whole unlocked doors everywhere thing). MBTA does not use a central location for checking amounts on cards for various reasons. This is the issue. If only 6-bit encryption is going to be used then a central check needs to be used instead of the checksum, or in addition to. The only problem there is if the entire central system, or link to it, goes down. But I digress. There is no need to worry about your credit card any more than if you use it at a retail store. Unless the terminal you're standing at is compromised (very tough to do and usually easy to notice such as at a comped ATM) don't worry. That's a hack I would like to see though. Not true Part of the presentation-that-wasn't at DefCon by the MIT students was the social engineering and "hacking" that they were able to accomplish *besides* breaking the code on the cards. One such point they made was that they were able to access network closets where the lines run straight back to the MBTA HQ. These are the same lines that run your credit card info back to the billing computers at HQ where the purchase is made. It is a physical network vulnerability that someone could tap into and record the traffic going back and forth to slurp up credit card info. The network is firewalled, but software firewalls are only as strong as the physical wall of not having access behind the software firewall on the network. Their presentation wasn't solely about the holes in the card security, but all of the physical security problems too (like unlocked exit gates, unwatched computer terminals, proprietary documents like what a proper MBTA ID looks like being left accessable to the public, unlocked gate switches capable of leaving the station open for free to everyone...).