[Metalab] SMS-Ticket Hacking, Vortrag von Pavol Luptak im Metalab

Andreas Schreiner andreas.schreiner at sonnenmulde.at
Wed Apr 29 23:26:35 CEST 2009


Neues von der Twin-City Achse Wien-Bratislava :-)

Pavol Luptak von Nethemba (www.nethemba.sk) hat sich dazu bereit  
erklärt einen Vortrag über die (Un)Sicherheit von SMS-Ticket Systemen,  
wie sie im öffentlichen Nahverkehr z.B. in Wien eingesetzt werden, zu  
halten. Alle Interessierten sind herzlich eingeladen dazu ins Metalab  
zu kommen.

Wann: Dienstag 5. Mai 2009
Wo: Metalab, Rathausstraße 6, A-1010 Wien, Österreich, Europ... ehschowissn

Der Vortrag wird in Englisch gehalten!


Abstract:

The primary aim of this presentation is to show a serious  
inherentvulnerability in the public transport SMS tickets system  
widely used in many big cities. Firstly, prerequisites for a  
successful hack are described. Then a proposed SMS ticket hacking  
network architecture is outlined, including a SMS ticket hack server,  
SMS ticket mobile hack clients and their encrypted communication  
protocol. The author describes various partial solutions how to fix  
this vulnerability including instructions for attackers how to evade  
them (e.g. by using decentralized private P2P mobile network).  
Finally, an effective countermeasure is proposed: secure SMS ticket  
generation methods based on symmetric/asymmetric cryptography and a  
security improvement of transport inspector?s checking process.  
Despite the fact that public transport companies have already been  
informed about this serious vulnerability, they ignore this fact and  
still use the vulnerable systems.

Weitere Infos:
http://metalab.at/wiki/SMS-Ticket-Vortrag

  .
..:





More information about the Metalab mailing list