Judge orders halt to Defcon speech on subway card hacking
Posted by Declan McCullag
(snip)
LAS VEGAS--A federal judge on Saturday granted the state of Massachusetts' request for an injunction preventing three MIT students from giving a presentation about hacking smartcards used in the Boston subway system.
The undergraduate students were scheduled to give a presentation Sunday afternoon at the Defcon hacker conference here that they had said would describe "several attacks to completely break the CharlieCard," an RFID card that the Massachusetts Bay Transportation Authority uses on the Boston T subway line. They also planned to release card-hacking software they had created.
U.S. District Judge Douglas Woodlock on Saturday ordered the students not to provide "program, information, software code, or command that would assist another in any material way to circumvent or otherwise attack the security of the Fare Media System." Woodlock granted the MBTA's request after a hastily convened hearing in Massachusetts that took place at 8 a.m. PDT on Saturday.
(snip)
(snip)
The Electronic Frontier Foundation, which is providing legal assistance to the defense, is planning a press conference at Defcon at 2 p.m. PDT. The students' talk was pulled from the schedule after an EFF lawyer recommended that they not give it, a Defcon spokeswoman said.
The MBTA, which is a state government agency, claims that "disclosure of this information will significantly compromise the CharlieCard and CharlieTicket systems" and "constitutes a threat to public health or safety."
(snip)
(snip)
Also released as part of the public record was a document marked "confidential" and written by the researchers that explains exactly how the Charlie cards can be cloned and forged. "Our research shows that one can write software that will generate cards of any value up to $655.36," the document says.
The document also discusses the lack of physical security at the MBTA. "Doors were left unlocked allowing free entry in many subways," the document says. "The turnstile control boxes were unlocked at most stations. Most shocking, however, were the FVM control rooms that were occasionally left open.
(snip)
http://news.cnet.com/8301-1009_3-10012612-83.html?part=rss&subj=news&tag=2547-1_3-0-20