Researchers bypass NFC access control with smartphone
Posted on 25 September 2012.
A security flaw in most Mifare NFC contactless cards can easily be misused by hackers to modify the contents of the cards and get free rides on at least two U.S. transit systems, two researchers from Intrepidus Group have revealed to the crowd gathered at this year's EUSecWest.

Researchers Corey Benninger and Max Sobell discovered the flaw on the Ultralight cards used by San Francisco's Muni rail and bus system and New York City's Path rail system, and have since found that other U.S. NFC transit systems use the same type of card and are possibly susceptible to this type of exploit.

The flaw can currently be exploited only on the disposable paper tickets that are set to be used for a predetermined number of rides.

Using an NFC-enabled phone and a specially developed Android app, the researchers copy the data from new tickets and then write that data back onto "expired" tickets, making them "new" again. The result is a simple way for hackers to get as many free rides as they want.

Fortunately for the transit systems mentioned by the researchers, the app is not available for download. Intrepidus Group has only released an app that can scan the data from this type of ticket and tell users if the transit system issuing them is vulnerable to the exploit.

In the meantime, they have also informed the operators of the two aforementioned vulnerable transit systems about the flaw and instructed them on how to fix it.

"We know a number of cities are looking to roll out contactless technology and hope we can bring light to this issue so that it is implemented correctly in the future," the researchers say.

"One of the items we also raised in our talk is that full card emulation on smartphones is likely to happen soon. When this does, it could cause a number of NFC based access control systems to be re-evaluated."






