UltraReset — the NFC-stumping App Exploiting Loophole of Transit System
An NFC mobile app has been created by exploiting a transit system loophole, enabling users to ride trains for free.
According to Gizmodo, the UltraReset app, developed by Corey Benninger and Max Sobell of the Intrepidus Group, takes advantage of the vulnerabilities in a number of public transit systems including the New Jersey Path and San Francisco Muni trains where the app proved its effectiveness.
The app works on any NFC-enabled Android device operating 2.3 or later. This is how it works: by using a train card with zero rides, the app refills the account with rides repeatedly at no cost to the user.
The flaw doesn’t lie with NFC. Instead it resides within the transit authority system, which did not enact security measures to effectively lock down the read/write permissions. So far, the app has only been tested in New Jersey and San Francisco. However, if the loophole remains there, Boston, Seattle, Salt Lake City, Chicago, and Philadelphia could be prone to exploitation as well.
The app was presented recently at a security conference in Amsterdam by Benninger and Sobell. Despite being warned back in December of 2011, and recent attention and coverage, authorities are yet to close the loophole.
Of course the app is not available to the public, but for the time being those tech-savvy hackers will continue to enjoy the free ride.