This is possible because of a vulnerability in transit system access cards

Sep 24, 2012 08:39 GMT

A lot of interesting things have been presented at this year’s EUSecWest security conference. One of them is an Android app that relies on near-field communications (NFC) to reset the public transit access cards utilized in San Francisco (MUNI) and New Jersey (PATH).

Researchers Corey Benninger and Max Sobell of the Intrepidus Group have demonstrated that an NFC-enabled Android phone, fitted with a clever app they designed, could be used to reset and reuse the cards for free, engadget.com reports.

This is possible because of a vulnerability in the chip-based access card, called Mifare Ultralight, that both PATH and MUNI utilize.

The transit companies have been warned of this issue since 2011, but so far they’ve failed to do anything about it.

That’s why the security experts haven’t released the app that contains the actual exploit. Instead, they’ve made available a version of the application that shows the number of rides remaining and whether the system is vulnerable to the attack they presented.