Researchers bypass NFC access control with smartphone
Posted on 25 September 2012.
A security flaw in most Mifare NFC contactless cards can easily be misused by hackers to modify the contents of the cards and get free rides on at least two U.S. transit systems, two researchers from Intrepidus Group have revealed to the crowd gathered at this year's EUSecWest.

Researchers Corey Benninger and Max Sobell discovered the flaw on the Ultralight cards used by San Francisco's Muni rail and bus system and New York City's Path rail system, and have since found that other U.S. NFC transit systems use the same type of card and are possibly susceptible to this type of exploit.

The flaw can currently be exploited only on the disposable paper tickets that are set to be used for a predetermined number of rides.

Using an NFC-enabled phone and a specially developed Android app that copies the data from new tickets and then writes that data back onto "expired" tickets, making them "new" again, the researchers have developed a simple way for hackers to get as many free rides as they want.

Fortunately for the transit systems mentioned by the researchers, the app is not available for download. Intrepidus Group has only released an app that can scan the data from this type of ticket and tell users if the transit system issuing them is vulnerable to the exploit.

In the meantime, they have also informed the operators of the two aforementioned vulnerable transit systems about the flaw and instructed them on how to fix it.

"We know a number of cities are looking to roll out contactless technology and hope we can bring light to this issue so that it is implemented correctly in the future," the researchers say.

"One of the items we also raised in our talk is that full card emulation on smartphones is likely to happen soon. When this does, it could cause a number of NFC based access control systems to be re-evaluated."

