• Wed. Sep 6th, 2023

Teens Hack Subway for Rides

Avatar photo

ByEsme Greene

Sep 6, 2023
Teens Hack Subway for Rides
Esme Greene

In August 2021, a group of Boston high school students replicated a vulnerability in the city’s subway fare payment system that had originally been discovered by MIT students in 2008. Not only did they reproduce the old method, but they also developed a new approach for the current CharlieCard system, enabling free subway rides.

High School Hackers: Unearthing Subway Vulnerability

Matty Harris and Zachary Bertocchi revisited the 2008 vulnerability to check if it had been resolved. Despite the time that had passed and the attention it garnered, the vulnerability remained unpatched, surprising the duo.

Collaborating with two fellow hackers, the teenagers dedicated two years to their project. They unveiled their findings at the Defcon hacker conference in Las Vegas. Their innovation included a portable “vending machine” and an Android app capable of modifying a CharlieCard’s balance and settings.

In contrast to 2008, Boston’s authorities didn’t pursue legal action; instead, they welcomed the students to the transportation authority headquarters to discuss their discoveries. According to Joe Pesaturo, the director of communications for the city, the vulnerability wasn’t an immediate threat and would be addressed when a new toll system is introduced in 2025.

The students revealed that the transportation authority is attempting to counter their method by detecting and blocking altered cards. However, a significant number of these modified cards continue to operate without issue. When asked if they were using their technique to access free subway rides, the students chose not to provide a response.

 
Avatar photo

Esme Greene

Esme brings a wealth of knowledge and experience to our website, specializing in all aspects of DarkWeb security. With a deep understanding of the intricate workings of the DarkWeb and its associated cybersecurity risks, Esme curates insightful and informative content for our readers.