The Charlie Ticket and Charlie Card, the payment mediums of the Boston T, have greatly increased the security and integrity of the Boston T entry system. The Charlie Card, a move towards the new standard of Smart Cards, is very secure. However, with some ingenious work, self named “warcarting”, MIT students finally decoded the Charlie Card, and were asked to present their work at DefCon. The students were quickly sued by the MBTA.
The Charlie Ticket security has never been great. A simple 2£ 3 track card reader can read out the Ticket’s encoding, which through some variable isolation results in a hex code, such as below:
EC9010402AC9D000000005B801F40171361248A84EC7112C310640000000000001417D0000FD60
By adjusting the values above, and overwriting, the value of the Charlie Ticket is easily changed (bolded is a value variable in hex, and the italicised is the value of the last transaction.) I suggest that MBTA bulk up on the Charlie Ticket’s encoding, which is short enough as it is; or simply just switch everyone over to the much more difficult to crack Charlie Card.
