
Cracking Atlanta Subway's Poorly-Encrypted RFID Smart Cards Is a Breeze

Posted by timothy
from the but-you're-still-in-atlanta dept.
McGruber writes "Seven metro Atlanta residents are facing theft, fraud, and racketeering charges for allegedly selling counterfeit MARTA Breeze cards. Breeze cards are stored-value smart cards that passengers use as part of an automated fare collection system which the Metropolitan Atlanta Rapid Transit Authority introduced to the general public in October 2006. Breeze cards are supplied by Cubic Transportation Systems, an American company that provides automated fare collection equipment and services to the mass transit industry. At the time of this Slashdot submission, the Wikipedia page for the Breeze Card (last modified on 2 August 2013 at 14:52) says: 'The Breeze Card uses the MIFARE smart-card system from Dutch company NXP Semiconductors, a spin-off from Philips. The disposable, single-use cards use the MIFARE Ultralight while the multiple-use plastic cards are MIFARE Classic cards. There have been many concerns about the security of the system, mainly caused by the poor encryption method used for the cards.'"

  • Inevitable... (Score:5, Interesting)

    by Shuntros (1059306) on Sunday December 29, 2013 @12:41PM (#45812093)
    Old MiFare stuff is toast, security wise. Any old fool can order some UID-writable tokens on eBay from China, grab a copy of libnfc and mfoc, then things get interesting pretty quickly.
  • why? (Score:4, Informative)

    by Lehk228 (705449) on Sunday December 29, 2013 @12:44PM (#45812113) Journal
    I don't understand why these systems are set up like this; operationally it's not much different from EZ-Pass, which works fine with an account-based system. Putting the value tracking on the cards is just asking for an upgrade treadmill: even if it's well designed now, 10 years from now it will be easily cracked. Compare CPU vs GPU/FPGA/ASIC hashing advances.
    • Re:why? (Score:5, Informative)

      by QuietLagoon (813062) on Sunday December 29, 2013 @12:49PM (#45812139)
      E-ZPasses Get Read All Over New York (Not Just At Toll Booths) [forbes.com]

      After spotting a police car with two huge boxes on its trunk — that turned out to be license-plate-reading cameras — a man in New Jersey became obsessed with the loss of privacy for vehicles on American roads. (He’s not the only one.) The man, who goes by the Internet handle “Puking Monkey,” did an analysis of the many ways his car could be tracked and stumbled upon something rather interesting: his E-ZPass, which he obtained for the purpose of paying tolls, was being used to track his car in unexpected places, far away from any toll booths.

      • Re:why? (Score:4, Informative)

        by fluffy99 (870997) on Sunday December 29, 2013 @04:47PM (#45813403)

        The plausible explanation is that they are simply using ez-pass as a means to assess traffic congestion, ie how long is it taking a car to traverse a section of highway. Of course I don't doubt that law enforcement wants access to track people, but generally cell phone tracking is more reliable and readily accessible. Wanna bet these are at the border as well?

      • by Anonymous Coward

        The technology is created by a company called Cubic Transportation Systems, and it turns out there are a lot of open questions about who is behind this company.

        http://www.genuinewitty.com/2012/08/22/will-vancouvers-new-transit-passes-be-spying-on-you-and-who-has-access/

        "A story came out recently linking Cubic to Trapwire- but, Cubic came out with a denial that they were connected. But, according to research by Cryptome.org, Trapwire is headquartered at the same address as Cubic, and some of the same people

      • Quote without relevance. When read elsewhere, they are not deducting a payment. That was the point, not putting the account on the card.
        And, it seems to be part of traffic management, so I don't see a major security issue here.
        Whatever point you had, it got missed completely.

    • by CaptBubba (696284)

      It allows for fallback to the stored value on the card if the data connection between the authenticating device and the home station is unreliable, as would be expected in a wide-ranging bus system when these cards were initially deployed.

      Also EZPass and the like have the additional advantage of being tied to either a registered name or an easily identifiable way to bill someone (via a photo of the license plate) in case their account is empty. You don't have that luxury when dealing with people getting on

    • You don't have a 100% live data link with systems like this (lots of metro systems have both bus and rail, and there can be cell dead zones that have areas with no data link), and you don't really have a way to bill later if there is some kind of read error.

    • by Anonymous Coward

      Stored value also has nicer anonymity. Nothing tying it back to your identity (ie buy it with cash). Drop it in the street and you've lost your money a la cash.

    • If I am not going to use cash, I'd prefer to use a token that is cash-like:
      * is transferable like cash
      * can't be tied back to me
      * isn't widely counterfeited, so I'm not subsidizing freeloaders
      * is convenient to use

      Except maybe for the counterfeiting part, subway tokens and prepaid fare passes generally meet this requirement.

      I don't have any inherent objection to something that operates like a prepaid debit card, as long as I can purchase it anonymously without any additional fees beyond the fare itself.

    • by citizenr (871508)

      I don't understand why these systems are set up like this; operationally it's not much different from EZ-Pass, which works fine with an account-based system. Putting the value tracking on the cards is just asking for an upgrade treadmill: even if it's well designed now, 10 years from now it will be easily cracked. Compare CPU vs GPU/FPGA/ASIC hashing advances.

      Because it's expensive to run a lot of data over GSM links in every bus/tram in the city.
      We use the same system in Poland, and recently a group of people (over 900!) got charged with fraud. They weren't the ones selling cards, they were the users, and only the stupid ones.
      In Polish: http://niebezpiecznik.pl/post/900-wlascicieli-falszywych-warszawskich-kart-miejskich-bedzie-przesluchanych/ [niebezpiecznik.pl]

      Someone also offers an Android app that charges cards using the phone's built-in NFC. You pay with BTC (yes, bitcoins). It's only available over

      • by Rakishi (759894)

        Because it's expensive to run a lot of data over GSM links in every bus/tram in the city.

        You don't need to send a lot of data. Maybe, 1kb for each authentication event? Assuming 2 million authentications per day (a lot) that comes out to 2 gigabytes of data per day. Last I was in Poland I think that cost around 20 zloty ( $10) to get on a prepaid plan. Hell, you can have it send 100 times as much data and you'll still end up paying less than the cost of maintaining the hardware itself.

        There's a lot of reasons to not go with a GSM based approach but data cost is not one of them.

        • a) It's not a lot of data per link, but it is a lot of links. That 20 zloty plan is one link. Marta has 554 buses and 38 rail stations.
          b) You have supplied no data on the reliability of that link.
          c) Pricing in Poland is not particularly relevant to Atlanta, Georgia, USA.

          • by Rakishi (759894)

            a) It's not a lot of data per link, but it is a lot of links. That 20 zloty plan is one link. Marta has 554 buses and 38 rail stations.

            Since you can't do the math apparently I'll have to. $20 per bus per month comes out to under $150k per year to have GSM data everywhere. For comparison, the Breeze Card program had a $100 million budget and Marta has a yearly budget of $400 million.

            So no it's not a lot of links or a lot of data or a lot of cost although it is sad how people can't do simple math and research anymore.

            b) You have supplied no data on the reliability of that link

            What part of "There's a lot of reasons to not go with a GSM based approach but data cost is not one of them" is hard for you t

    • by AmiMoJo (196126) *

      If you implement the security properly it still won't be decryptable in 10 or 100 years time, unless something like quantum computing becomes a common reality in which case we have much bigger problems than people getting free rides. Processing power has nothing to do with it; even the fastest possible conventional computer is constrained by the laws of physics and couldn't break it in a useful timeframe.

      As an example the FeliCa system, developed by Sony of all people, has not been cracked. It is also one o

  • Security (Score:5, Informative)

    by ledow (319597) on Sunday December 29, 2013 @12:44PM (#45812115) Homepage

    Like everything:

    If you can buy the readers, and someone obviously sells the writers somewhere, you can clone them.

    As soon as you then rely on these tokens to hold individual data themselves (with no reference to a central database), then they become valued targets for attack.

    If you had these cards hold nothing more than a code number, and wired all the readers to talk home, then the system can't be "scammed" as such - people can have their cards cloned, of course, but you can spot it, you can trace them, arrest them at your convenience, and give the original account holder a new card in the meantime as soon as they report the fraud. But because everything has to talk to a central database, the cards are not so much "cash" as a stolen "credit card" - traceable, and stoppable.

    Then, it doesn't matter if you do use something as common as MiFare (a school I used to work in used Mifare entry systems - they weren't expensive or hard to get hold of at all and I used to program my Oyster - London Tube travel - card to open the door for me in the morning if I'd forgotten my ID card). As soon as the readers are that commonplace, the writers will be available even if that means people are building their own and making fake "cards" the size of a Raspberry Pi with some RF circuitry to pretend to be a card. The next step is just a matter of shrinking the device.

    MiFare is long-cracked. You can buy the cards for pence each and the readers (direct to USB, etc.) for a pittance. The next step up is no harder than going from magstripe readers and cards up to magstripe writers with the correct magstripe "level" to read/write the banking data on an old magstripe credit card.

    Don't put "value" into a chip that can be cloned. Put the value into a central, monitored, system, and provide people only with a codenumber to access it. That codenumber can be cloned still, sure, but then you can watch out for it, notice it, blacklist it, catch people red-handed. And they can't go spending "free money" offline from your system.

    This is my biggest bugbear with London's Oyster system. It's just a number for the most part, but they try to store "value" on the cards and let you buy newspapers with them. Now you have an offline, valued, unmonitored, commodity on an easy-to-clone chip.

    • by jonbryce (703250)

      Oyster is mostly online. There is an offline backup, because if you use it on a bus, the bus may not have a network signal at your bus stop. If you do manage to hack an Oyster card, it will work for one day, but when the reconciliation is done overnight, your card will be blacklisted and it won't work the following day, even in offline mode.

      • Oyster is far from perfect. The online system tells me "There are no season tickets on this Oyster card". Yet there is a monthly travelcard loaded on it that expires sometime next month (not sure when, thanks TFL!).
      • by ledow (319597)

        Not true - it's a lot more "offline" than you think.

        That's why you have to nominate a station to "collect" your top-up - basically they preload to that station in the morning and then your card gets an instruction that you have X pounds more on it now. The card knows how much you have and works when the system is out (done it many times). That's how the vendor purchases work too - they rely on the card to have an up-to-date record of how much PAYG credit they have.

        But, that said, when it is networked - as

    • by Shuntros (1059306)
      The main issue is that Oyster does do some level of cleverness. I only ever skimmed the paper so don't recall the details. The main issue in most use cases is that the spec says the token UID should be read-only. When you can buy tokens from China which completely disregard this and let you write sector 0 it's game over immediately for huge swathes of RFID installations which rely on UID alone.

      My work ID does door access, printing, loads of stuff. Spoof the UID onto a blank token, remove the chip/antenna,
      • by ledow (319597)

        Our Mifare card access system used to read data off of the latest PayWave-type phones. To our systems it was just a random long number but it uses the same frequencies, protocols, etc. as everything else RFID to power itself/send it.

        Caused havoc with our systems when people started buying Galaxy S3s and holding them in their hands while they swiped their entry cards. We wondered what the hell was going on for a long time.

    • by thegarbz (1787294)

      Don't put "value" into a chip that can be cloned. Put the value into a central, monitored, system, and provide people only with a codenumber to access it. That codenumber can be cloned still, sure, but then you can watch out for it, notice it, blacklist it, catch people red-handed. And they can't go spending "free money" offline from your system.

      There's a problem with central database hookups, what happens when the link fails, what's the maintenance cost of a central database and all the links? In Brisbane they've all but given up on manual ticketing systems. I imagine the cost of a handful of people taking free rides is less than the cost of maintaining a central system, and less than the cost of what would happen when the system went down, or any kind of local database gets corrupted.

      Yes there's ways around the value on the card problem, but are

    • by xelah (176252)
      The writers are already commonplace: they're exactly the same as the readers, and an NFC phone can do it. But, you'll need an encryption key to do it (or you'll need to break the authentication or extract the key). These things are not just dumb storage devices; you have to authenticate to them to read or write more than the card's unique ID (and you'd have to be a fool to rely just on that to identify a card). The old cards (MiFare Classic cards) are clonable because the encryption was weak. DESFire EV1s
    • by AmiMoJo (196126) *

      You can't just read it, it's not a memory card. It is a microcontroller you talk to. Transactions require a cryptographic handshake. The only thing you can read is the current value and a transaction history, and you can't write anything.

      The microcontroller has physical protection to stop you removing the top with acid and reading the memory directly. If you try it commits suicide and wipes itself. So far no-one has managed to read one.

      The flaw here is the cryptographic handshake. Cloning is still impossib

      • by ledow (319597)

        See other posts - you can buy writeable tokens for next-to-nothing from China, and you can figure out the keys inside any such device using utilities available on Google Code and a bog-standard reader.

        • by xelah (176252)
          You don't need to buy a writable token from China when you can buy a real Oyster card more easily, and you don't then need to worry about it not looking genuine... unless, of course, you're expecting to get through a great many of them by them getting blocked every day (in which case, watch out for those CCTV cameras if you draw attention to yourself). Or you could use a phone to talk to the reader instead of a card. But if they've done it properly then the key will be different for each card, based on a se
          • by ledow (319597)

            If you bought your Oyster card pre-2010, it's not a DESFire one. But it still works. Still holds credit. Hasn't been recalled. Hasn't been disabled. I have at least two that we use for visitors from my girlfriend's country, we used them last week. Saying "DESFire cards" are secure is no good if DESFire isn't a requirement of the transport system in question. My Oyster card goes back at least 7-8 years, I believe, and that's because I lost the one I used to use when I was in Uni.

            Additionally, NXP are

    • Storing value on a or other physical token that is clonable and/or manipulable basically means you can create 'value' out of nothing. This is government sanctioned. Created value isn't taxed, can be used as anonymously as cash, and can be used to transfer money (real or fake) without the government's knowledge. Granted, I don't see your local drug dealer accepting cloned MiFare cards... actually, chances are local organised crime already distributes them, so they are already part of the same economy, so if th
      • Bitcoins are not "generated" currency. While bitcoins themselves may be generated through the algorithm, that does not cause a generation of total bitcoin value in the system. When new bitcoins get generated, a slight drop (or lessening of the increase) of the value of any given bitcoin occurs. If a billion bitcoins suddenly got generated (due to a bug, etc), bitcoin's value would plummet. This is very similar to other countries that suddenly decide to print a bunch of money. When this happens, other countrie
    • Oyster cards upgraded past the broken old MiFARE Classic chips some time ago, I believe. NXP make several generations of cards of which the Classic is the oldest and most broken. The more modern/expensive cards, not so trivial to crack.

    • Oyster has switched to DesFire cards which have MiFare emulation but better security.

  • Another card scam... (Score:4, Interesting)

    by QuietLagoon (813062) on Sunday December 29, 2013 @12:46PM (#45812129)
    Police Warn of Gift Card Scam [nbcconnecticut.com]

    Fare cards, gift cards, credit and debit cards used at Target, etc., etc., etc...

    When are we going to make our ersatz money secure?

  • by Anonymous Coward

    Like most of the other government run entities in Atlanta, Marta is run by inept management and awards bids to cronies and relatives. I am not surprised the system was outdated and ineffective.

  • by JoeyRox (2711699) on Sunday December 29, 2013 @01:18PM (#45812267)
    Naturally if they're going to spend the money on a secure system it might as well fulfill that goal. But do these metro metering devices really need to be all that secure? I checked MARTA's fare schedule and their most expensive ticket is $5 round-trip. Doesn't seem like enough incentive for the average joe to cheat it, esp. when you consider how transit authorities use a few high-profile prosecutions to discourage people from even buying second-hand tickets let alone hacking their own. In my view the system only need be marginally more secure than the honor system.
    • In my view the system only need be marginally more secure than the honor system.

      I couldn't agree more. And since there is an extreme lack of honor these days, I feel that the next step, rather than spend so much money to secure the transaction(s), is to simply utilize credit/debit cards. If that doesn't work, fuck it, shut the MARTA down; "Sorry folks, the people in this area are too wicked to have nice things."

    • by Pembers (250842)

      Apparently they also do passes that are good for 30 days, which cost $96 (see the comment a few places above). The scam was to buy lots of $1 tickets and reprogram them into 30-day ones.

    • Marta sucks. If you're using Atlanta's public transit, it's probably because you can't afford a car. To a minimum-wage earner, it's not hard to imagine that $5 a day is worth cheating.

      • by Anonymous Coward

        They were saving $56 every 30 days buying counterfeit cards. Less than $2 per day. Where did you get $5 from? Lots of people who ride MARTA have cars. You not only save on gas and save on parking, you also don't have to deal with the traffic. Additional benefits, you can read or whatever on MARTA, not while driving. Additional benefit, you can be drunk on MARTA. You can go to happy hour after work, no worries. Additional benefits, less pollution and less dependent on foreign oil. MARTA is pretty good especi

  • Bit of a tangent, but this story got me thinking about this: http://shamonica.com/2012/05/wizard-spotting-wizards-on-the-bus/ [shamonica.com]
  • Quick question (Score:5, Interesting)

    by Okian Warrior (537106) on Sunday December 29, 2013 @03:18PM (#45812935) Homepage Journal

    Out of curiosity, how much revenue comes in from fares, and how much expense goes out in fare maintenance?

    A lot of metro systems charge fares in addition to getting public support from taxes. Has anyone thought to tally the costs of the fare system compared to the income? Things like cost of the machines, maintenance of the machines, maintenance of the turnstiles, accounting, law enforcement &c... all these things add up.

    Even if the fares bring in revenue, it's probably minor. Most of the cost goes into collecting the fares, so most of that value is wasted.
    The economy would get a boost if that money were freed up to be spent by consumers, and doing so would help the people who need it the most (ie - poor people).

    This whole thing seems like a fabricated problem - a system that forces people to spend money just for the sake of spending it. Then spend more money reimplementing the system when the original system is found to have flaws, then spend countless hours and resources in enforcement and prosecution.

    Just get rid of it. Let the money go into the economy.

    • While I am receptive to the concept that sometimes it is not worth it to collect the money (that's why transit systems are moving to fare cards, so that they don't have to handle change), fares also provide some demand management. Even if you are not applying demand-based fares, charging a non-zero amount the far end of the demand curve which would happily fill and overflow all capacity and will let you find when/where you really need to add new capacity.

      • While I am receptive to the concept that sometimes it is not worth it to collect the money (that's why transit systems are moving to fare cards, so that they don't have to handle change), fares also provide some demand management. Even if you are not applying demand-based fares, charging a non-zero amount the far end of the demand curve which would happily fill and overflow all capacity and will let you find when/where you really need to add new capacity.

        Wow. Elliptical much?

        Put it in terms of value. Does demand management have any value? Could demand be managed by another method, such as historical prediction, or simply by having people press a button to "call" trains to stations?

        You can't make a case for options unless the value (or utility) of each option is known. Just referring to an amorphous ill-defined term "demand management" doesn't cut it.

        Does demand management have any value? And if it does, is demand management by fares the best way?

    • by swb (14022)

      That's a great question. From what I've read about the Minneapolis light rail system, fares cover about a third of the operating cost. I'm not sure what the fare collection costs are (machines, enforcement, etc) but it's hard to see them being more than 10% of the fare revenue, especially when you consider that a lot of the collection costs are upfront (buying, installing machines, etc) and basically one-time costs.

      You do wonder what would happen if they just made riding it free. It might mean more riders

      • I'm not sure what the fare collection costs are (machines, enforcement, etc) but it's hard to see them being more than 10% of the fare revenue, especially when you consider that a lot of the collection costs are upfront (buying, installing machines, etc) and basically one-time costs.

        I can't find a detailed budget for Minneapolis, but fare costs for other cities are always over 85% (for cities I've looked at to date) and can be higher than 100% in some cases. BTW, fares account for only 15% of the Minneapolis light rail revenue (source [patch.com]).

        There are a lot of hidden costs, such as personnel to collect the coins/tokens/strips, empty and reload the machines, personnel to do maintenance, and such. Personnel are very expensive to maintain - did you include the pensions?

        I don't know what the exp

        • by pepty (1976012)

          I can't find a detailed budget for Minneapolis, but fare costs for other cities are always over 85% (for cities I've looked at to date) and can be higher than 100% in some cases. BTW, fares account for only 15% of the Minneapolis light rail revenue (source [patch.com]).

          The difference is explained in that article: fares only account for 15% of the total cost for Minneapolis light rail, not 15% of the total revenue. Most cities only talk about fares collected vs operating expenses; they don't include capital expenditures and debt service, which together can be larger than operating expenses.

          • by plover (150551)

            In that article the politician was saying that fares are 30% of the revenue used to offset operating expenses, but that excludes any mention of servicing the mortgage on the capital investments, which he argues doubles the actual cost of a ride, meaning fares provide only 15% of the cost of the ride. (I think it's a poor argument, by the way, because it completely ignores the benefits produced by a functioning mass transit system, but that's a giant political debate that we don't need to have here.)

            The gra

    • by bsa3 (200) *

      There are indeed a reasonable number of fare-free systems. But you neglect the core purpose of public transit as it is seen by most US governments, i.e. distributing cash. Even if a system has 10% farebox recovery, they still get to buy the equipment and employ people to collect the money. Sure, they could go to proof-of-payment (or drop fares entirely), and further reduce costs by putting the Buy America Act and Davis-Bacon out of their misery, but that would reduce the opportunity for graft.

  • 1. Why are these things so weak and easily broken?
    2. Why don't the companies that make them invest a bit more money in making them harder to break (instead of on lawyers to sue people who break them)?
    And 3. If the companies that make them won't fix them, why isn't someone else offering systems with stronger encryption?

    • by Velex (120469)

      I'd really like to know the answer to #3.

      Off the top of my head, I don't understand why they don't have a private key known only to the bus/station equipment that does the reading/writing of the amount on the card and some kind of incrementing or rotating ID to prevent replay attacks/card cloning? Each bus could have an ID and a counter, then each morning distribute to a system on each bus the bus/counter combinations that have already been used maybe say in the past 3 or so months depending on how much da

      • by Velex (120469)
        Whoops, should be secret key, not private key!
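As an added illustration (not code from the thread, from MARTA or from Cubic) of the scheme Velex sketches above, and of ledow's point further up that a cloned number can be spotted and blacklisted centrally: fare readers authenticate the stored-value record with a secret key only the fare equipment holds and bump a per-card counter on every tap, and the nightly reconciliation flags any card whose counter value was consumed twice. The record layout, the key and the field names are constructed for this example and are not the Breeze card's format.

```python
import hashlib
import hmac
import struct

# Constructed for this example: the key would live in each reader's secure
# element in a real deployment, never on the card.
READER_KEY = b"reader-equipment-secret-key-demo"

# Assumed record layout: card_id (16 bytes), balance in cents, bus_id, counter.
RECORD_FMT = ">16sIHI"


def mac(card_id: bytes, balance: int, bus_id: int, counter: int) -> bytes:
    """HMAC over the value fields, so an edited balance no longer verifies."""
    body = struct.pack(RECORD_FMT, card_id, balance, bus_id, counter)
    return hmac.new(READER_KEY, body, hashlib.sha256).digest()


def write_record(card_id: bytes, balance: int, bus_id: int, counter: int) -> dict:
    return {"card_id": card_id, "balance": balance, "bus_id": bus_id,
            "counter": counter, "mac": mac(card_id, balance, bus_id, counter)}


class Reader:
    """Offline bus/station reader: verify, debit, bump the counter, log the tap."""

    def __init__(self, bus_id: int):
        self.bus_id = bus_id
        # (card_id, counter_before, counter_after, bus_id); uploaded overnight.
        self.events = []

    def tap(self, record: dict, fare: int):
        expected = mac(record["card_id"], record["balance"],
                       record["bus_id"], record["counter"])
        if not hmac.compare_digest(expected, record["mac"]):
            return None, "bad mac"          # value field was edited on the card
        if record["balance"] < fare:
            return record, "insufficient"
        new = write_record(record["card_id"], record["balance"] - fare,
                           self.bus_id, record["counter"] + 1)
        self.events.append((record["card_id"], record["counter"],
                            new["counter"], self.bus_id))
        return new, "ok"


def reconcile(events) -> set:
    """Back office: a genuine card's counter strictly increases across all readers.

    Two taps that both start from the same counter value mean the same record
    image was presented twice (a duplicate card or a restored old image). An
    offline reader cannot tell the copies apart, which is why the detection
    and the blacklist have to live centrally. Returns the card ids to block.
    """
    seen = {}        # card_id -> counter_before values already consumed
    flagged = set()
    for card_id, before, _after, _bus_id in events:
        if before in seen.setdefault(card_id, set()):
            flagged.add(card_id)
        seen[card_id].add(before)
    return flagged


def demo():
    """One day of constructed traffic: a genuine card, a copy of it, and a
    card whose balance field was edited directly."""
    card = write_record(b"card-0001".ljust(16, b"\0"), 500, 0, 0)
    bus_a, bus_b = Reader(101), Reader(102)
    duplicate = dict(card)                  # byte-for-byte copy of the record
    card, s1 = bus_a.tap(card, 250)         # genuine: counter 0 -> 1
    duplicate, s2 = bus_b.tap(duplicate, 250)  # copy: also 0 -> 1, accepted offline
    edited = dict(card)
    edited["balance"] = 99999               # balance changed without the key
    _, s3 = bus_a.tap(edited, 250)
    flagged = reconcile(bus_a.events + bus_b.events)
    return s1, s2, s3, flagged


if __name__ == "__main__":
    print(demo())
```

The edited balance is rejected at the reader because the MAC no longer matches, while the duplicate record is only caught after the two readers' logs meet in reconciliation.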
      • by plover (150551)

        The thing that comes to the top of my mind is customer throughput and system speed. Public key cryptography works on really big numbers, and RFID technology doesn't exactly operate at blazing megabit speeds. Long ago we tried a smart card (contact) system that took 1500 milliseconds to exchange an RSA encrypted message with the reader at 9600 baud. The four cryptographic exchanges the vendor had the device performing took a total of six seconds, and none of our customers liked it. For a transit system t

  • MARTA - Moving Africans Rapidly Through Atlanta (or so the locals call the system).

    It's probably wrong to, but I applaud the hackers. It's really only the poor folks in Atlanta that use the system (everyone else drives) and every little bit they can save helps.

    • by BenoitRen (998927)

      I find the abbreviation, MARTA, cute. Reminds me of a certain video game character.

      • by pepty (1976012)
        There's a little train in the Wild Animal Park north of San Diego, it was accidentally named WGASA by an employee:

        Snopes:

        Some years ago, the famous San Diego Zoo opened a second, larger branch called the San Diego Wild Animal Park. The Park is built around an enormous open-field enclosure where the animals roam free. To see the animals, visitors ride on a monorail called the Wgasa Bush Line which circles the enclosure. Here's the true story of how the Wgasa Bush Line got its name. They wanted to give the monorail a jazzy, African sounding name. So they sent out a memo to a bunch of zoo staffers saying, "What shall we call the monorail at the Wild Animal Park?" One of the memos came back with "WGASA" written on the bottom. The planners loved it and the rest is history. What the planners didn't know was that the zoo staffer had not intended to suggest a name. He was using an acronym which was popular at the time. It stood for "Who Gives A Shit Anyhow?"

    • by 0xdeadbeef (28836)

      It's funny how Northerners are the most racist people in the South these days.

  • Did you expect these crackers to be proactive against hackers? I think not. They invest far more in being proactive against "blackers." I have been to Atlanta scores of times and it is a joke of a metropolis. Nothing of worth is going on down there and oh yeah, you better own a car.
