ACM TechNews
MIT Students Ordered to Halt Report on Hacking Subway System
Wall Street Journal (08/11/08) P. A4
A federal U.S. district judge in Massachusetts ordered three Massachusetts
Institute of Technology students to cancel a presentation at a computer
hackers' conference in which they were to announce security flaws they
discovered in the automated fare system used in Boston's subway system.
The temporary restraining order prevented Zack Anderson, R.J. Ryan, and
Alessandro Chiesa from demonstrating how to use the vulnerabilities to get
free rides. The Electronics Frontier Foundation (EFF), which is
representing the students, plans to fight the order, says EFF's Jennifer
Granick. The Massachusetts Bay Transpiration Authority's complaint says
the students planned to show others how to use the hacks before giving the
transit system time to fix the flaws. Granick says the students were
simply trying to share their research and planned to omit key information
that would make things easier for someone attempting to hack the payment
system. The researchers say the presentation would have demonstrated how
to generate fare cards, reverse engineer magnetic stripes on cards, and
hack radio frequency identification. "It is extremely important to
maintain the security and integrity of the Fare Media systems," says
transit system's Gary Foster. "With an insecure, compromised system, even
basic revenue controls, to name one example, become significantly
challenging." Granick says ordering the students to not share their
findings will have a negative impact of legitimate researchers who want to
expose flaws to improve systems.
http://online.wsj.com/public/article/
SB121841382044828463.html?mod=2_1563_leftbox
© Copyright 2008 Information, Inc. This service may be reproduced for internal distribution.