DEF CON 31 - How Vulns in Global Transportation Payment Systems Cost You - Omer Attias
20,515 views
Shared on 2023-09-16
The evolution of public transportation payment systems has been driven by the need for faster, more convenient, and more secure payment methods, and this trend is likely to continue in the years to come. But how secure are mobile payment solutions for public transportation?
In this presentation, we will examine the security risks associated with transportation applications, using Moovit as a case study. Moovit is a widely used transportation app operating in over 100 countries and 5000+ cities. Through our investigation of the app's API, including SSL-encrypted data, we discovered specific vulnerabilities, which we will discuss. We will also demonstrate a custom user interface that can obtain a "free ticket" and cause someone else to pay. Furthermore, we will explain how an attacker could gain unauthorized access to and exfiltrate Personally Identifiable Information (PII) of registered users. Our findings offer practical recommendations to improve the security of transportation apps.
Comments (14)
-
This was a neat talk. I was hoping that the end UI would have implemented and automated the "cancel and use" that was described earlier so one account would purchase, cancel, and enter, then the same for another account which would purchase, cancel, and exit. So there would be no link between entrance and exit. Also curious how the different MaaS operator codes factored into the tickets.
-
A 4-digit 2FA code is kinda ridiculous by any measure lol; that's pathetic and so easily improved. At least go to 6 as a bare minimum! Preferably alphanumeric. I do want to add that it's very impressive that you were able to achieve so much with such a fundamentally simple approach. Great work!
-
Thanks for the nice talk. Just wondering, did you get authorization from the operator, or did you just use your own one as the victim account? I think according to the policy of vulnerability research, we cannot attack other real-world accounts, right?
-
The noise gate on audio is disgusting :(
-
Great talk!
-
And Auckland's transportation payments system goes belly up/hacked 3 weeks ago???
-
I totally just like to watch cool Defcon talks that are recommended as the best ones each year and pretend like I know what the hell I'm listening to and talking about. But essentially, what I gained from this is: if I figured this stuff out and got the right things together with just my cell phone, I should be able to get planes and trains and automobiles tickets all for free and just spoof tickets, everything, and get like Disneyland tickets and shit. You're telling me that if I do this right I can get a ticket for a cruise ship and the drink package for free?
-
They spend so much time trying to prevent black riding. In Berlin they just randomly check people's tickets on the train. Not very often, but sometimes. If you don't have a ticket you have to pay a fine. How much does the ticket cost? That's easy. For most situations, there's a short ticket and a long ticket. The short ticket lets you go 3 stops. The long ticket lets you go anywhere. That's it. They don't calculate based on where you get on and off. In your country they spend millions of dollars on ticket gate systems instead of just paying a few people to go around checking tickets at random.
-
Scripts are good, but without active vulnerabilities, they're useless. 😅 By the way, thank you for the research and the presentation.
-
Codered redux, almost
-
He tryna be funny but he is not
-
"The IDF rides for free," pretty well sums it up. #BDS
-
Tel aviv...