| Title | Operation Charlie: Hacking the MBTA CharlieCard From 2008 to Present | |
| Date | Saturday December 17, @05:04AM | |
| Author | janrinok | |
| Topic | ||
| from the sorry-Charlie dept. | ||
Archive link: https://archive.vn/Pfc6Q
The CharlieCard is a contactless smart card used for transportation fare payment in the Boston area. It is the primary payment method for the Massachusetts Bay Transportation Authority (aka MBTA or the T) and several regional public transport systems in the U.S. state of Massachusetts. Nearly 15 years after a group of MIT students first publicly disclosed security vulnerabilities in the CharlieCard, I am publicly disclosing that it is possible using only an Android phone to:
This post will tell the story of the CharlieCard, complex system design, how vulnerability likelihood and severity can change with rapid changes in technology, the importance of OSINT (Open-Source Intelligence) monitoring and threat intelligence, and the process of responsible vulnerability disclosure to a government agency without a Vulnerability Disclosure Program.
| Links |
printed from SoylentNews, Operation Charlie: Hacking the MBTA CharlieCard From 2008 to Present on 2023-05-26 13:18:19