Getting famous hacking RFID

 - 
08/20/2008
I come across stories about computer nerds hacking RFID and MIFARE systems from time to time and don't think much of them, really, but maybe I should be paying more attention. In the latest case making the rounds of the Internet, three MIT students hacked the MBTA's (that's the T, in Boston) RFID-based ticketing system and made it so they could ride for free - then looked to publish a paper about how they did it. The MBTA sued to stop them, but lost. The thing is, no one else seems to be taking this overly seriously either: Located across the Charles River from Boston, MIT's students are known for their love of pranks -- "hacks" in the school's vernacular -- that show off their engineering skills. Among the most famous was a 2006 incident in which students placed a 25-foot (7.6-meter)-long fire truck atop the dome of a campus library building. So, Reuters is equating hacking into an access control system with practical jokes? Is Reuters so clueless that it thinks a "hack" is a prank? First, just this simple hack, while not a major security threat, could mean a ton of lost revenue for the MBTA if it became widely used. Second, this type of technology is the basis for a number of access control systems. Could this same hack allow access to restricted areas at other locations? Could the wrong people get into sensitive areas for reasons of theft or violence? One of the reasons I tend to not take these things seriously is that I think I naively assume that people smart enough to figure this stuff out aren't likely to engage in terrorist acts or other violent acts. These guys are nerds, right? Nerds are nice. Nerds are benevolent. They're interested in the pursuit of knowledge, not blowing people up. But I actually know some nerds who aren't all that nice. And I'm sure Al Qaeda, etc., have plenty of nerds on staff. I think it's important that we pay more attention to these security vulnerabilities, whether in IT/IP-based systems or otherwise, and not make light of the victims of such "hacks."