Anatomy of a Subway Hack: Breaking Crypto RFID's and Magstripes of Ticketing Systems

Speakers: Zack Anderson, Alessandro Chiesa, and Russel Ryan.

Bibliographic information: Accepted to DEF CON 16, but had to be canceled.


In this talk we go over weaknesses in common subway fare collection systems. We focus on the Boston T subway, and show how we reverse engineered the data on magstripe card; we present several attacks to completely break the CharlieCard, a MIFARE Classic smartcard used in many subways around the world; and we discuss physical security problems. We will discuss practical brute force attacks using FPGAs and how to use software-radio to read RFID cards. We survey 'human factors' that lead to weaknesses in the system, and we present a novel new method of hacking WiFi: WARCARTING. We will release several open source tools we wrote in the process of researching these attacks. With live demos, we will demonstrate how we broke these systems.

Online material:

Alessandro Chiesa
Last modified: Thu, 27 Dec 2012 16:29:03 -0500
Valid HTML 4.01 Strict