Another group cracks CharlieCard security

ArsTechnica reports Dutch researchers claim to have broken the encryption used to protect information on CharlieCards and similar systems:

... The group at Radboud carried out its investigation with the help of Ghost, a tag emulator, reader, and eavesdrop device that they built for around 40 euros. ...

The company that makes the CharlieCard system has come out with a more secure encryption system, but it's more expensive and making it backwards compatible with older readers actually introduces more vulnerabilities, ArsTechnica writes.

Topics: 

Free tagging: 

Comments

No, it's still up...

... I just downloaded the paper.

This is now redirected to the host at Radboud University's Faculty of Science; it's the Digital Security section.

I suspect that the original CS department server was slashdotted and they moved Digital Security to the larger-capacity server.

up
Voting is closed. 0

The Vendor Owns This

It would be interesting if the T sued the vendor and made them provide as secure a system as they orginally promised/sold to the T.

I'd love to see all the sales presentations they made, their proposals, etc. Because the vendor was either over optimistic and oversold the security of the product, or the people in charge of buying the system didn't understand what they were doing or buying and didn't do Teh Google to learn.

up
Voting is closed. 0

Maybe the MBTA

can just start making its own currency again and people can "invest" in the public transportation system again!

up
Voting is closed. 0

Token effort?

Wouldn't that be just a token effort? Instead of dividends, would you get never returns?

up
Voting is closed. 0

And the occasional ham

By on

And the occasional ham sandwich thrown through the window; tuna fish on Fridays....

up
Voting is closed. 0

Mifare cracked

By on

I thought Mifare being cracked by the Dutch was old news by now... like, news from last year...

up
Voting is closed. 0