SMS Trickery in Public Transport

SMS Trickery in Public Transport

Nowadays, information technology has expanded its reach into all fields of economy. This provides hackers with interesting new possibilities – did you ever think about exploits in public transportation?
Tam Hanna
Hakin9 1/2010

Fare dodging is a popular sport in most countries: it tends to pay out often, and people living in a country where they are not native citizens tend to get away completely unscathed most of the time.

On SMS ticketing

Providing consumers with an easy way to purchase tickets tends to reduce fare dodging, which is why most public transport companies now offer SMS tickets. An SMS ticket is a ticket, which is ordered via an SMS to a premium-rate number, and is then delivered to your phone. This SMS ticket consists of a text string, validity date and name of the company – but no personal identification. A fictitious example: Public Transport Company ABC, SMS ticket Price XYZ, Validity: from 28.10.07 13:20 to 28.10.07 14:50, code YrQPtMKs7 /52845 Inspectors use a smartphone-like device in order to inspect the ticket: it is checked against a live database of tickets on the company’s database. If the data matches, the show ends here – if not, it depends on local jurisdiction. The process is outlined in (Figure1).

Sand in the turbines

The whole system sounds pretty sensible, but Pavol Luptak from the Slovak security research firm Nethemba ( ) considers it highly unsafe. His method of circumvention is as simple as it is shrewd: a large mass of people gang up in order to share a ticket. This is accomplished via a central server and a small application which is installed onto a smartphone. Participating users (which will be referred to as arsonists from now on, as the word hacker IMHO is not correct here) install the application onto their smartphones. This application connects to a central server via TCP/IP, and can request tickets whenever the user enters public transportation. The ticket is delivered via TCP/IP, and is put into the SMS inbox locally (at no cost to the user). The central server acts as ticket repository. When a ticket request is received from a participating client, the server checks if the ticket it currently has in store is valid. If it is, the ticket is dispatched to the client. If not, a new ticket is requested via a GSM modem card from the public transport company, which is then sent out to the user who requested it. Savings occur when more than one user is given access to the same ticket: if user A and user B ride the tram at the same time, the server requests one ticket and gives it out to both of them. Figure 2 shows the central server.

If you would like to read this article in full version, please use the link bellow to download (only for subscribers)

Comments are closed.