Another group cracks CharlieCard security

ArsTechnica reports Dutch researchers claim to have broken the encryption used to protect information on CharlieCards and similar systems:

... The group at Radboud carried out its investigation with the help of Ghost, a tag emulator, reader, and eavesdrop device that they built for around 40 euros. ...

The company that makes the CharlieCard system has come out with a more secure encryption system, but it's more expensive and making it backwards compatible with older readers actually introduces more vulnerabilities, ArsTechnica writes.

Neighborhoods: 

    Topics: 

    Free tagging: 

    Comments

    No, it's still up...

    ... I just downloaded the paper.

    This is now redirected to the host at Radboud University's Faculty of Science; it's the Digital Security section.

    I suspect that the original CS department server was slashdotted and they moved Digital Security to the larger-capacity server.

    The Vendor Owns This

    It would be interesting if the T sued the vendor and made them provide as secure a system as they orginally promised/sold to the T.

    I'd love to see all the sales presentations they made, their proposals, etc. Because the vendor was either over optimistic and oversold the security of the product, or the people in charge of buying the system didn't understand what they were doing or buying and didn't do Teh Google to learn.

    Maybe the MBTA

    can just start making its own currency again and people can "invest" in the public transportation system again!

    Token effort?

    Wouldn't that be just a token effort? Instead of dividends, would you get never returns?

    Mifare cracked

    By on

    I thought Mifare being cracked by the Dutch was old news by now... like, news from last year...