[Metalab] SMS-Ticket Hacking, Vortrag von Pavol Luptak im Metalab
Andreas Schreiner
andreas.schreiner at sonnenmulde.at
Wed Apr 29 23:26:35 CEST 2009
Neues von der Twin-City Achse Wien-Bratislava :-)
Pavol Luptak von Nethemba (www.nethemba.sk) hat sich dazu bereit
erklärt einen Vortrag über die (Un)Sicherheit von SMS-Ticket Systemen,
wie sie im öffentlichen Nahverkehr z.B. in Wien eingesetzt werden, zu
halten. Alle Interessierten sind herzlich eingeladen dazu ins Metalab
zu kommen.
Wann: Dienstag 5. Mai 2009
Wo: Metalab, Rathausstraße 6, A-1010 Wien, Österreich, Europ... ehschowissn
Der Vortrag wird in Englisch gehalten!
Abstract:
The primary aim of this presentation is to show a serious
inherentvulnerability in the public transport SMS tickets system
widely used in many big cities. Firstly, prerequisites for a
successful hack are described. Then a proposed SMS ticket hacking
network architecture is outlined, including a SMS ticket hack server,
SMS ticket mobile hack clients and their encrypted communication
protocol. The author describes various partial solutions how to fix
this vulnerability including instructions for attackers how to evade
them (e.g. by using decentralized private P2P mobile network).
Finally, an effective countermeasure is proposed: secure SMS ticket
generation methods based on symmetric/asymmetric cryptography and a
security improvement of transport inspector?s checking process.
Despite the fact that public transport companies have already been
informed about this serious vulnerability, they ignore this fact and
still use the vulnerable systems.
Weitere Infos:
http://metalab.at/wiki/SMS-Ticket-Vortrag
.
..:
More information about the Metalab
mailing list