{"id":2267,"date":"2012-09-24T05:33:19","date_gmt":"2012-09-24T00:03:19","guid":{"rendered":"https:\/\/www.qadit.com\/blog\/?p=2267"},"modified":"2012-10-06T12:26:50","modified_gmt":"2012-10-06T06:56:50","slug":"security-researchers-identify-transit-system-exploit-in-san-fran-and-new-jersey-create-app-to-prove-it","status":"publish","type":"post","link":"https:\/\/qadit.com\/blog\/security-researchers-identify-transit-system-exploit-in-san-fran-and-new-jersey-create-app-to-prove-it\/","title":{"rendered":"Security researchers identify transit system exploit in San Fran and New Jersey, create app to prove it"},"content":{"rendered":"<p> Mobile security company Intrepidus Group presented evidence during the EUSecWest security conference potentially identifying a major flaw in at least two US transit systems. Creating an Android app named &#8220;UltraReset&#8221; and using it in tandem with an NFC-enabled Android phone (a Nexus S, in this case), security researchers Corey Benninger and Max Sobell were able to reset and reuse &#8212; free of charge &#8212; transit access cards in both San Francisco&#8217;s MUNI system and New Jersey&#8217;s PATH system. Before you go getting any bad ideas, know that Benninger and Sobell haven&#8217;t released the app for public use, and warned both transit systems in late 2011 (though neither region has fixed the exploit, the duo claim). PATH and MUNI share a common chip access card &#8212; the Mifare Ultralight &#8212; which can apparently be reset for 10 extra rides via Android phones with NFC and an OS newer than 2.3.3 (Gingerbread). Starting to sound familiar?<\/p>\n<p> Intrepidus is, however, releasing a modified version of the app, named &#8220;UltraCardTester.&#8221; The modified app functions just like its nefarious progenitor, except it can&#8217;t add time to cards. The app can tell you how many rides you have left, and if a system is open to exploit, but it won&#8217;t assist you in <em>the act<\/em> of exploiting. 
<\/p>\n<p><\/p>\n<hr>\n<p>Original article at <a href=\"https:\/\/www.engadget.com\/2012\/09\/23\/android-hack-subways\/\">Engadget<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Mobile security company Intrepidus Group presented evidence during the EUSecWest security conference potentially identifying a major flaw in at least two US transit systems. Creating an Android app named &#8220;UltraReset&#8221; and using it in tandem with an NFC-enabled Android phone (a Nexus S, in this case), security researchers Corey Benninger and Max Sobell were able &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/qadit.com\/blog\/security-researchers-identify-transit-system-exploit-in-san-fran-and-new-jersey-create-app-to-prove-it\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Security researchers identify transit system exploit in San Fran and New Jersey, create app to prove it&#8221;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[12],"tags":[267],"class_list":["post-2267","post","type-post","status-publish","format-standard","hentry","category-itsec","tag-security-researchers-identify-transit-system-exploit-in-san-fran-and-new-jersey"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9AH7Q-Az","_links":{"self":[{"href":"
https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/2267","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/comments?post=2267"}],"version-history":[{"count":0,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/2267\/revisions"}],"wp:attachment":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/media?parent=2267"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/categories?post=2267"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/tags?post=2267"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}