{"id":80,"date":"2008-08-10T00:52:09","date_gmt":"2008-08-10T04:52:09","guid":{"rendered":"http:\/\/blogs.law.harvard.edu\/ahshieh\/2008\/08\/10\/charlie-ticket-vulnerablity-remains-unfixed-charlie-card-hacked-by-mit-students-students-sued-by-mbta\/"},"modified":"2008-08-10T22:22:15","modified_gmt":"2008-08-11T02:22:15","slug":"charlie-ticket-vulnerablity-remains-unfixed-charlie-card-hacked-by-mit-students-students-sued-by-mbta","status":"publish","type":"post","link":"https:\/\/archive.blogs.harvard.edu\/ahshieh\/2008\/08\/10\/charlie-ticket-vulnerablity-remains-unfixed-charlie-card-hacked-by-mit-students-students-sued-by-mbta\/","title":{"rendered":"charlie ticket vulnerablity remains unfixed, charlie card hacked by MIT students"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/blogs.law.harvard.edu\/ahshieh\/files\/2008\/08\/800px-mbta-wtcstationticketmachinegatesagr.jpg\" alt=\"Boston T\" width=\"400\" height=\"300\" \/><\/p>\n<p>The Charlie Ticket and Charlie Card, the payment mediums of the Boston T, have greatly increased the security and integrity of the Boston T entry system. The Charlie Card, a move towards the new standard of Smart Cards, is very secure. However, with some ingenious work, self named &#8220;warcarting&#8221;, MIT students finally decoded the Charlie Card, and were asked to present their work at DefCon. The students were quickly sued by the MBTA.<\/p>\n<p><!--more--><br \/>\nThe Charlie Ticket security has never been great. A simple 2\u00a3 3 track card reader can read out the Ticket&#8217;s encoding, which through some variable isolation results in a hex code, such as below:<\/p>\n<p>EC9010402AC9D000000005B8<strong>01F4<\/strong>0171361248A84EC7112C31<em>064<\/em>0000000000001417D0000FD60<\/p>\n<p>By adjusting the values above, and overwriting, the value of the Charlie Ticket is easily changed (bolded is a value variable in hex, and the italicised is the value of the last transaction.) I suggest that MBTA bulk up on the Charlie Ticket&#8217;s encoding, which is short enough as it is; or simply just switch everyone over to the much more difficult to crack Charlie Card. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Charlie Ticket and Charlie Card, the payment mediums of the Boston T, have greatly increased the security and integrity of the Boston T entry system. The Charlie Card, a move towards the new standard of Smart Cards, is very secure. However, with some ingenious work, self named &#8220;warcarting&#8221;, MIT students finally decoded the Charlie [&hellip;]<\/p>\n","protected":false},"author":1892,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[901],"tags":[],"class_list":["post-80","post","type-post","status-publish","format-standard","hentry","category-life"],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/archive.blogs.harvard.edu\/ahshieh\/wp-json\/wp\/v2\/posts\/80","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/archive.blogs.harvard.edu\/ahshieh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/archive.blogs.harvard.edu\/ahshieh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/archive.blogs.harvard.edu\/ahshieh\/wp-json\/wp\/v2\/users\/1892"}],"replies":[{"embeddable":true,"href":"https:\/\/archive.blogs.harvard.edu\/ahshieh\/wp-json\/wp\/v2\/comments?post=80"}],"version-history":[{"count":0,"href":"https:\/\/archive.blogs.harvard.edu\/ahshieh\/wp-json\/wp\/v2\/posts\/80\/revisions"}],"wp:attachment":[{"href":"https:\/\/archive.blogs.harvard.edu\/ahshieh\/wp-json\/wp\/v2\/media?parent=80"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/archive.blogs.harvard.edu\/ahshieh\/wp-json\/wp\/v2\/categories?post=80"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/archive.blogs.harvard.edu\/ahshieh\/wp-json\/wp\/v2\/tags?post=80"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}