By Robert McMillan
December 22, 2008
Three Massachusetts Institute of Technology students who were sued
earlier this year by the Massachusetts Bay Transit Authority (MBTA) said
Monday that they are now working to make the Boston transit system more
The announcement brings to a close a high profile case that pitted the
rights of security researchers to freely discuss their findings against
the concerns of one of the country's largest transit systems, which
worried that this type of information could lead to widespread ticket
fraud. "I'm really glad to have it behind me. I think this is really
what should have happened from the start," said Zack Anderson, one of
the students sued by the MBTA.
Anderson, along with Russell "RJ" Ryan and Alessandro Chiesa, was
prevented from giving a talk entitled "The Anatomy of a Subway Hack:
Breaking Crypto RFIDs & Magstripes of Ticketing Systems" at the Defcon
hacker conference last August.
The students had planned to show that they had reverse engineered the
MBTA's CharlieTicket magnetic stripe tickets and CharlieCard smartcards.
The CharlieCard uses the same Mifare Classic RFID (radio frequency
identification) technology that was cracked earlier this year by
The MBTA had argued that the presentation could have caused "significant
damage" to the transit system, but the students had said that they had
no intention of releasing key pieces of information that would have
allowed people to hack the system.
Help InfoSecNews.org with a donation!