Washington DC Metro Farecard Hack
Thieves took a legitimate paper Farecard with $40 in value, sliced the card’s magnetic strip into four lengthwise pieces, and then reattached one piece each to four separate defunct paper Farecards. The thieves then took the doctored Farecards to a Farecard machine and added fare, typically a nickel. By doing so, the doctored Farecard would go into the machine and a legitimate Farecard with the new value, $40.05, would come out.
My guess is that the thieves were caught not through some fancy technology, but because they had to monetize their attack. They sold Farecards on the street at half face value.
Mike • July 22, 2008 1:32 PM
Now that’s clever. I always wondered about messing with the Farecard magnetic strip using a standard card reader. It wouldn’t surprise me if the data integrity protection is weak or non-existent.
This, however, is a low-tech attack that bypasses whatever encryption might exist. Just give the machine enough of a strip with money to read, combined with enough of a strip without money to write to. I wonder what else this sort of thing might work with.
Metro now also puts out hard plastic “SmartTrip” cards for longer-term use. I believe they use RFID; you just wave them near a reader. It wouldn’t surprise me if an RFID signal eavesdropping and replay attack would work — though SmartTrips have a unique serial number and might be easier to track.