By Chloe Albanesius
Massachusetts transit officials were skeptical that three MIT students
were providing them with their complete presentation prior to Defcon,
but an analysis by a security consultant said that the conference
presentation alone was not enough to help someone hack the Boston subway
system and get free rides for life, according to court documents.
Zack Anderson, R.J. Ryan and Alessandro Chiesa, undergraduate students
at the Massachusetts Institute of Technology, were scheduled to present
their paper about vulnerabilities within the Boston transit system at
Defcon on Sunday, but the Massachusetts Bay Transit Authority (MBTA)
successfully secured a 10-day restraining order against the trio on
Saturday, and their presentation was cancelled.
Specifically, the students had uncovered vulnerabilities within the
magnetic stripe and RFID card payment systems used for Boston Charlie
Cards and Charlie Tickets.
The MBTA's "Charlie Ticket" is vulnerable to cloning and forgery
attacks, according to a summary of the project submitted to the MBTA.
Visit Defcon Pics - Defcon Memory Repository