While IOS users are having problems simply finding the subway due to the disaster that is IOS 6 maps, Android users have developed a way to ride subways for free! Wha?? Two security researchers have developed an application that not only uses NFC to read the data from a fare card for US subways, but also allows you to reset it as many times as you wish. The result? Free subway rides forever. Don’t believe me? Luckily, they filmed the hack working over and over again (with a Nexus S) at a subway station for your viewing pleasure.
The name of the app is Ultrareset, and before you start telling me how awesome I am for sharing the name of the app, just know that it’s not on Google Play (I know cause I tried finding it). The app basically scans the subway card via NFC, and exploits the Mifare Ultralight chip used in disposable NFC cards. It then is able to rewrite the information on the card and effectively reset the balance/amount of fares over and over again.
Sounds like some crazy hacking cyber warfare style coding involved right? Wrong. Matter of fact, the makers of the app (Corey Benninger and Max Sobell) stated that they aren’t even coders, and that with their basic knowledge they were still able to code the app in one night. In other words, it seems pretty freakin easy to do if you have a little know how.
Considering that these NFC based cards are used in some San Francisco, New Jersey, Boston, Seatle, Salt Lake City, Chicago, and Philadelphia transit systems, this little exploit could allow mischievous Android users with NFC to travel in quite a few places at no cost (not tested in all those cities by developers of the app).
A modified version of the app (UltraCardTester) was made available yesterday that allowed people to test the security of their local transit system, but didn’t allow you to rewrite data on the card.
The vulnerability is apparently an easy fix, and would require transit companies to simply use a more secure chip, or to make tweaks to their back end to ensure that the cards “bits” are activated whenever travel units are used. The devs apparently aren’t out to get free train rides, but want to “raise awareness for an issue that potentially could affect many systems”.
Here is a video of the creators testing out the app at a Subway station. As you can see, it works pretty well (Vimeo link here):
So...no maps for iPhone users, and no NFC for free train rid...I mean...testing security. Man oh man...iPhone buyers sure made the right decision :-D
Picture credits: images.wikia.com (edited by myself)