Anatomy of a Subway Hack: Breaking Crypto RFID's and Magstripes of Ticketing Systems

Bibliographic information: Accepted to DEF CON 16, but had to be canceled.

Abstract

In this talk we go over weaknesses in common subway fare collection systems. We focus on the Boston T subway, and show how we reverse engineered the data on magstripe card; we present several attacks to completely break the CharlieCard, a MIFARE Classic smartcard used in many subways around the world; and we discuss physical security problems. We will discuss practical brute force attacks using FPGAs and how to use software-radio to read RFID cards. We survey 'human factors' that lead to weaknesses in the system, and we present a novel new method of hacking WiFi: WARCARTING. We will release several open source tools we wrote in the process of researching these attacks. With live demos, we will demonstrate how we broke these systems.

• The talk itself, in PDF or PPT.
• See my collection of online material on MBTA v. Anderson, et alii.