Hackers Find NFC Loophole for Public Transit

Unlimited rides on public transportation? No problem for hackers.

Matteo Collura, 19, and Matteo Beccaro, 18, uncovered two new security loopholes that allow them to timestamp NFC-enabled tickets (MiFare Ultralights) with NFC-enabled Android phones and turn a limited-ride ticket into an unlimited one, according to an article from Mashable. The two Italian teenage hackers claim the hacks are fairly easy to reproduce, as they presented their findings at Def Con on Saturday.

After the city of Turin implemented NFC-enabled cards in January, the two researched how the chips worked. That was the easy part – it was advertised on their website, Mashable reports. The issue is, the cards are not encrypted, so the data inside is readable with any NFC device. At that point, Collura and Beccaro were able to set the cards in a “read-only” format, so the cards could not be stamped and always contained the same number of rides.

The timestamp is valid for 90 minutes, but all the hacker needs to do is re-scan the ticket with an NFC-enabled device and change the date, effectively stamping the ticket by him- or herself.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.