Smart-card hackers expose dumb flaws
College students crack a relatively simple code in frequently used access technology to expose major security weakness.
Three Massachusetts Institute of Technology (MIT) students hacked into Boston’s mass transit system earlier this year. Once in the system, they cracked the flimsy code guarding the data, enabling users to add money to fare cards without paying a penny. The act adds up to more than a prank—it exposes the inherent weakness in a security technology used in door-swipe badges, fare cards, and other security and access systems worldwide.
In 2006, the Massachusetts Bay Transportation Authority (MBTA) spent nearly $200 million upgrading its fare collection system. Because the Mifare Classic chip the new system uses a quickly crackable cipher (as demonstrated by the MIT students), MBTA officials are faced with the possibility of having to scrap that system and spend yet more revenue on a new, better-guarded technology.
Other departments have responded to the exposed security flaw. In the United Kingdom, London Underground officials installed a stopgap measure to secure the system while a permanent upgrade is being developed. In the Netherlands, government officials have placed security guards at doorways once guarded only by smart cards.
- Events & Awards
- Magazine Archives
- Oil & Gas Engineering
- Salary Survey
- Digital Reports
Annual Salary Survey
After almost a decade of uncertainty, the confidence of plant floor managers is soaring. Even with a number of challenges and while implementing new technologies, there is a renewed sense of optimism among plant managers about their business and their future.
The respondents to the 2014 Plant Engineering Salary Survey come from throughout the U.S. and serve a variety of industries, but they are uniform in their optimism about manufacturing. This year’s survey found 79% consider manufacturing a secure career. That’s up from 75% in 2013 and significantly higher than the 63% figure when Plant Engineering first started asking that question a decade ago.