Experts: New ticket app leaves MBTA vulnerable


The MBTA is on the forefront of new technologies, with plans to roll out digital ticketing on the Commuter Rail this fall, but security professionals say the transit agency shouldn’t be so sure the new system couldn’t be hacked.

“Everything has a flaw,” said Caitlin Johanson, technical specialist for Core Security Technologies.
This week the T announced plans to unveil an app for smartphone devices that will let riders buy passes using a debit or credit card.

Train conductors will then check tickets on riders’ phones to ensure their validity.

Developers from Masabi, the company launching the app, said color-changing, visually encrypted images and scanner codes will help deter fraudulent passes.

Johanson said from a “reverse engineering perspective,” however, once this technology hits the public market, that’s when the “frenzy will begin.”

“As a security professional, you come to realize that there is literally a workaround for everything … you just need to give it time,” she said.

While used widely in England, the T will be the first transit agency in the U.S. to use the new app, something Johanson said can be risky.

“Saying you can’t hack this coming into the U.S. is like putting a huge, red target sign on your forehead,” she said. “Boston is one of the top cities for hacker and security communities — it’s a rough area to introduce something like this.”

But MassDOT Secretary Rich Davey said the agency is relying on evolving security developments to stay “a step ahead.”

“Nothing in life is fool proof, but I expect we will have the most secure program possible,” he said.

Hacker pride

According to Johanson, those in the “hacker community” pride themselves on breaking through services deemed “un-hackable.”

“You get your name on this, that’s world news. Notoriety is one of the biggest currencies the hacker community has,” she said. “It’s not always about hurting someone as much as it is saying ‘look what I did.’”

Past MBTA scams

Being the target of massive ticket scams isn’t something new to the T.
In 2008, three MIT students figured out a way to get free subway rides and unveiled a video called “The Anatomy of a Subway Hack.”

In 2012, four people were  arrested for allegedly producing thousands of unauthorized T passes worth millions of  dollars.


New York Times calls for legalization of pot

The New York Times editorial board on Saturday endorsed a repeal of the federal ban on marijuana, becoming the largest paper in the nation to back the idea.


Two injured after cable snaps on Ohio amusement…

(Reuters) - A cable on a large swing ride at an Ohio amusement park snapped and struck two riders as the swing was in motion,…


BuzzFeed writer Benny Johnson fired for plagiarism

The news and entertainment website BuzzFeed has fired the writer Benny Johnson after its editors said they found he plagiarized others' work 41 times.


Pregnant Florida woman shot, killed looking over friend's…

A 25-year-old pregnant Florida woman died after being shot in the head while she visited a friend who was showing off his gun collection, police said.


MKTO: Behind the bromance

MKTO's Malcolm Kelley and Tony Oller talk about the American Dream tour, Demi Lovato and getting turned down by girls.


Newport Folk Festival: Photo gallery of 35 moments…

As has been the tradition since Bob Dylan plugged in a bajillion years ago, the Newport Folk Festival embraces more musical genres than its name implies.


James Earl Jones and Rose Byrne head to…

Two-time Tony winner James Earl Jones returns to the New York stage next month as an eccentric grandfather in a revival of the 1930s comedy…


Box office: Scarlett Johansson wins battle of brains…

Scarlett Johansson's "Lucy" handily dispatched with Dwayne Johnson's "Hercules" over the weekend.


LeBron James will return to No. 23 in…

LeBron James is doing his old fans, if not the NBA, a favor. The Cavaliers forward will go back to his old No. 23 from…


Kevin Love becomes third NBA player to pull…

Kevin Love of the Minnesota Timberwolves became the third NBA player to withdraw from consideration for Team USA in next month's World Cup, USA Basketball.

U.S. Soccer

Orlando City takes shot at NYCFC over Frank…

Orlando City reminded the world how big a signing Brazilian star Kaka earlier this month with a photo of Kaka mobbed by fans juxtaposed against Lampard.


Jeremy Lin says 'Linsanity' is over as he…

Jeremy Lin lit up the NBA two years ago with his play for the Knicks but he has no desire to recreate "Linsanity" in his new career with the Lakers.


Cara Delevingne's major fashion faux-pas

Find out why the outfit Cara Delevingne wore to Leonardo DiCaprio's charity gala raised eyebrows.


Strawberry shortcake ice cream sandwiches

Make this ice cream sandwich all summer long.


Forget Wi-Fi: Li-Fi could be the future

Li-Fi technology – developed by Mexican company Sisoft – is wireless internet connectivity using specialized LED light.


Weather app Climendo might be the most accurate…

The wait for a truly accurate weather forecast could finally be over thanks to a nifty new app called Climendo.