(Source: Wired's Threat Level)
MBTA tries to silence discussions on ticketing smartcards

The Electronic Frontier Foundation will appeal a temporary injunction entered against three MIT researchers, who were set to give a presentation Sunday on hacking the Massachusetts Bay Transportation Authority’s CharlieCard fare system at the DEF CON hacker and security convention in Las Vegas, Nevada.

The student researchers, Zack Anderson, R.J. Ryan, and Alessandro Chiesa, were originally scheduled to give a presentation called “The Anatomy of a Subway Hack: Breaking Crypto RFIDs & Magstripes of Ticketing Systems,” on Sunday.  Their talk would have revealed details on hacking Mifare Classic-brand RFID smartcards, which are frequently used in security and fare collection systems around the world, as specifically applied to the CharlieCard.

The MBTA filed suit against the trio in a federal court last Friday, where they sought a temporary restraining order to prevent details of the hack from being disclosed – either via a presentation at DEF CON or over the internet – citing the “irreparable harm” it would suffer.

While the MBTA succeeded in cancelling the researchers’ presentation, its actions proved to be too little too late. Conference CD-ROMs, containing copies of the all scheduled speakers’ slides, were already handed out to DEF CON attendees Friday morning. In the words of an unnamed DEF CON spokeswoman, “the MBTA was a day late.”

US District Judge Douglas P. Woodcock cited a federal computer intrusion statute in forbidding the researchers from “providing program, information, software code, or [commands] that would assist another in … [circumventing] the security of [the MBTA’s Fare System].”

The EFF says the statute that Woodcock cited applies to “code programs” in a computer, not someone who gives a presentation to humans. Some critics said the judge’s interpretation equates speech with computer hacking.

Anderson says that he and his team planned to leave out a critical detail in his presentation, which would prevent potential attackers from exploiting the MBTA’s system. “We wanted to share our academic work with the security community,” he said, “and had planned to withhold a key detail of our results so that a malicious attacker could not use our research for fraudulent purposes. We're disappointed that the court is preventing us from presenting our findings even with this safeguard.”

Court records reveal that the MBTA learned of the team’s plans on July 30, when it was pointed to a conference schedule at the DEF CON website; the description of the presentation began with “Want free subway rides for life?” Lawyers met with the researchers on August 5, but left empty-handed as the team refused to provide copies of the materials to be presented –though it appears that they succeeded, however, in redacting the description’s references to free subway rides and social engineering tactics.

A team of Dutch researchers at Radboud University previously disclosed details on hacking Mifare Classic smartcards late last June, after announcing that they had successfully hitched free rides on the London Underground and entered restricted areas of Dutch Interior Ministry buildings.

The EFF says it is using MBTA v. Anderson et al as a poster child for its new Coders’ Rights Project, which will work to shield software developers and hackers from legal threats hampering their work.

"I'm an Internet expert too. It's all right to wire the industrial zone only, but there are many problems if other regions of the North are wired." -- North Korean Supreme Commander Kim Jong-il
Related Articles

Most Popular ArticlesSuper Hi- Vision Will Amaze the World
January 16, 2017, 9:53 AM
Samsung Chromebook Plus – Coming in February 2017
January 17, 2017, 12:01 AM
Samsung 2017 Handset’s Updates
January 17, 2017, 12:01 AM
Comparison – Surface Pro VS Tbook X5 Pro
January 21, 2017, 7:00 AM
Comparison – iPad Mini Vs Huawei MediaPad M3
January 19, 2017, 2:08 AM

Latest Blog Posts
Apple Watch
Saimin Nidarson - Jan 24, 2017, 6:51 AM
Some new News
Saimin Nidarson - Jan 23, 2017, 8:59 AM
What is new?
Saimin Nidarson - Jan 22, 2017, 7:00 AM
Saimin Nidarson - Jan 20, 2017, 7:00 AM
News of the World
Saimin Nidarson - Jan 19, 2017, 7:00 AM
Some tips
Saimin Nidarson - Jan 17, 2017, 12:16 AM
News of the Day
DailyTech Staff - Jan 16, 2017, 12:10 PM
Tech News
Saimin Nidarson - Jan 15, 2017, 12:32 AM
Here is Some News
Saimin Nidarson - Jan 14, 2017, 12:39 AM
News around the world
Saimin Nidarson - Jan 12, 2017, 12:01 AM
Rumors and Announcements
Saimin Nidarson - Jan 11, 2017, 12:01 AM
Some news of Day
Saimin Nidarson - Jan 7, 2017, 12:01 AM
News 2017 CES
Saimin Nidarson - Jan 6, 2017, 12:01 AM

Copyright 2017 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki