If you live in a major city, you probably have a subway system that uses NFC or RFID chips, essentially very weak radios, to store value on a plastic card and supposedly make life easier for everybody. In practice, this is rarely the case. And now apparently the much-vaunted inability of turnstile jumpers to get past these things is also a wash.

Intrepidus Security, being nerds, decided to see what it would take to hack the transit systems cards based on a specific chip, namely San Francisco’s MUNI and New Jersey’s PATH systems. Turns out all they really needed to do was write an app for a smartphone, namely any phone with NFC (near field communication) capability and an OS above 2.3.3, that could find the card’s chip and reset it, giving them ten free rides.

The good news is that Intrepidus are just being nice guys: They warned the subways systems about this last year, but apparently neither party has fixed the . So Intrepidus has issued an app that won’t hack the card, but will tell you the remaining value on it, and whether your system is possible to exploit. In other words, they’re trying to embarrass New Jersey politicians. Good luck with that one, guys.

Original post:

Security company hacks transit systems, puts out app