Operation Charlie: Hacking the MBTA CharlieCard from 2008 to Present (medium.com/bobbyrsec)
83 points by Amorymeltzer on Dec 15, 2022 | 25 comments



As someone who's willing to pay more taxes in order to make public transit in Boston free for everyone, I consider this a feature, not a bug. (FFS, make the buses free at least, 80% of bus rides connect to the T anyway, and getting rid of fares on buses makes their schedules more reliable since you no longer need to block on people rifling through their pockets and slowly feeding wrinkled dollars into the machine.)


I've noticed that the further you get away from downtown, the more likely the bus driver is just going to tell you not to bother with it and wave you back if you reach for some dollar bills. But like you said, it'd be nice if it was just official policy for all bus rides rather than an ad hoc lottery based on the driver.


Pretty much everything in MA is like that. The jackboot of Beacon Hill is on the end of a short leg. Give-a-fucks about anything and everything expend rapidly the further from it you get (both physically and economically).


You have it backwards — the further from Boston you get, the more the communities are mooching off the GBA money tree.


That money comes with strings attached and that's the whole point. You could always stop paying and just let all that stuff that gets done with state money get done by the towns instead but you'd lose the ability to dictate terms and we all know that's a non-starter.

Micromanaging a bunch of people who don't care about you or your values isn't cheap. You can either pay in dollars or in blood. The wealthy suburbanites and urbanites who want to see the brown folk in Fall River or the hicks west of Worcester march to the official state tune don't really have the stomach for an endless supply of "the tragic turn of events all began when State Trooper McFakeTimeCard pulled over Mr. Lopez, 36 of Springfield for an expired inspection sticker..." type news stories so it's no surprise that the "US in Iraq" approach gets chosen over the "Russians in Syria" approach.

<shrug>


No, Beacon Hill sends money (via MassHealth for example) because it makes Massachusetts a better society. We don’t want Western Mass to be destitute.


Agree, I'd prefer that as well. If not that, at least make it possible to pay with your phone or smartwatch like NYC has done. That really seems to have done a lot to reduce the time to board there.


Awesome article, really enjoyed reading it.

Only thing that ruffled my feathers at the end as a MA resident was the solution being additional personnel to monitor a non-problem.


I've been mulling the question of whether fares should be free recently.

Yes it gets people out of cars, yes it's progressive.

But on the other hand, you don't get much signal of how it's actually valued. And if it is valued, surely it turns regressive by gentrifying areas served by free transport, forcing the poorest away.

Not that I think public transport should be for profit.


Some people did this in Western Australia in 2016 (using a SmartRider, which is also Mifare Classic based). They gained $18 worth of free travel. The backend system flagged the modified card. Both were charged and convicted of hacking and fraud.

https://www.watoday.com.au/national/western-australia/perth-...


I don’t really see why this should be punished more harshly than stealing $18 worth of goods from a store.


There's an implied "how dare you try and pull a fast one on the almighty state" multiplier for crimes like this.

You see similar treatment in many similarly petty crimes. In my state it's a felony to spray paint state highway and transit infrastructure. Tagging adjacent commercial rail infrastructure is just vandalism.


This is an excellent article but anyone who uses the MBTA knows it is overkill. If you want a free ride you can simply follow someone who paid or put your arm over the gate triggering it to open.


When I used to catch the orange line from Mass Ave every day, one could just ask the friendly MBTA helpers there to open a gate for you. Ostensibly a service intended for hands full, handicap, etc, but they knowingly used it to let people on for free all the time as a sort of 'direct action'. No idea if that spirit remains at that station, that would have been 10 years ago now.


Just enter a station that doesn't even check tickets, like Lechmere.


You are right that they technically don’t check tickets but every now and then the MBTA police show up at a station and actually ask for proof of fare validation. I’ve seen people who are shocked when they are being yelled at and handed a significant fine.


That's funny, I just took the T for the first time yesterday as I arrived in Boston, and was curious why such a large number of people would get on at a certain stop.


Was it Lechmere? That may be because for the longest time (until the recent Green Line Extension project), Lechmere was the terminus for the Green Line, and so it became a part of a lot of people's commutes.


Somebody should tell Charlie so he can finally get off of the train.


Sadly, his fate is still unlearn’d


> a) Bypasses any ride counter checks, as I would never actually have to ride the T with a cloned card, I would simply check my balance at the fare machine and then leverage their system design to request a new card.

I don't really see how it would bypass the counter check, as I would think the device reading out balances also reads out the counters.


Can someone ELI5 why MBTA has to trust the balance stored on the card in the first place? It seems like this whole issue would go away if they just kept the balance on the server and flagged cards that did not corroborate.


This is common in truth-on-card transit systems, many of which were conceived before internet connectivity at terminals was a thing. Often the cards needed to work on busses, etc. that didn’t have internet connectivity and couldn’t validate the balances. Even still there isn’t necessarily reliable internet in tunnels, etc.

Newer variants of similar cards are regarded as more secure, such as MiFare’s DESFire line which is used in the SF Bay Area (Clipper).
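
The server-side corroboration asked about above, and the kind of backend flagging mentioned in the Western Australia comment, as an added example that is not part of the thread or of any transit agency's code. It assumes offline validators later upload a per-card transaction log; the record layout and card names are hypothetical.

```python
from collections import defaultdict

# Constructed sample log. Fields (hypothetical layout):
# (card id, per-card transaction counter, kind, amount in cents,
#  balance the card itself reported after the transaction)
SAMPLE_LOG = [
    ("card-A", 1, "load", 2000, 2000),
    ("card-A", 2, "fare", -240, 1760),
    ("card-A", 3, "fare", -240, 1520),
    ("card-B", 1, "load", 500, 500),
    ("card-B", 2, "fare", -240, 5000),  # card claims more value than was ever loaded
    ("card-C", 1, "load", 1000, 1000),
    ("card-C", 1, "fare", -240, 760),   # counter reused, as a restored card image would
]


def reconcile(log):
    """Replay uploaded transactions against a server-side ledger.

    Returns {card id: [reasons]} for cards whose on-card state does not
    corroborate with what the backend has recorded.
    """
    ledger = defaultdict(int)        # server's view of each balance
    last_counter = defaultdict(int)  # highest counter seen per card
    flagged = defaultdict(list)

    # Uploads arrive late and out of order, so order by card and counter.
    for card, counter, kind, amount, reported in sorted(log, key=lambda r: (r[0], r[1])):
        if counter <= last_counter[card]:
            flagged[card].append(f"counter {counter} not increasing")
        last_counter[card] = max(last_counter[card], counter)

        ledger[card] += amount
        if reported != ledger[card]:
            flagged[card].append(f"card says {reported}, ledger says {ledger[card]}")

    return dict(flagged)


if __name__ == "__main__":
    for card, reasons in reconcile(SAMPLE_LOG).items():
        print(card, "->", "; ".join(reasons))
```

Detection of this kind happens after the ride, which is why it complements rather than replaces a card that resists modification in the first place.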


Based on the outcome of the 2008 hack, some of the vulnerabilities (value stored on card, not remote server) still remain today.

AFC 2.0 has been delayed for many years; this new MIFARE attack vector will remain for a while longer as well.


Over here in Germany we had a 9 Euro per month all-you-can-eat ticket for local public transport during Covid. This is now indefinitely extended at 49 Euro per month.



