How vulnerable is mobility ticketing to security hacks?

Fighting ticketing fraud is an unending battle. Millions of people use city transport networks each day, making it a huge challenge to ensure each traveller has purchased a genuine ticket and therefore has a valid “right to ride”.

In the event of a ticketing security breach, the impacts can be severe. First, it damages trust with passengers. They pay the fare and expect the operator and authority to deliver a good service, with sufficient levels of security in place to protect data from misuse and prevent fraud. If this requirement is not met, people rightly question whether their money – not just from tickets but also through public money invested in transport by the local authority – is being used wisely. The reputational loss often compounds the financial loss and turns the issue from an economic one into a political one as well. This can result in high-profile public servants being removed from their posts and/or third-party contracts changing hands.

That’s why security is always at the heart of the Calypso Specifications and why we’re proud that Calypso has never once faced such issues in over two decades of existence. But we’re never blind to the risks and know constant vigilance is required to protect reputations worldwide. This article looks at the importance of building security into the core of your ticketing setup and what can happen if this isn’t in place.

Losing count

The issue of security came back to the fore recently following an investigation into the monotonic counter of ST25TB-based transportation tickets. Memory tickets of this type typically have lower security protections, and researchers at Amossys Laboratories found that it was possible – without any special tools needed – to manipulate the value stored in the monotonic counter and bypass the protection that should ensure that the counter can only be decremented.

But what is the impact of this discovery?

The majority of the memory in an ST25TB-based ticket can be freely read and written without any type of authentication. This means that fraudulent users could fully read a ticket, use it to travel until no trips are left and then restore the initial data to the ticket, recovering all of the spent trips.

To avoid this kind of fraud, networks relied on the fact that the monotonic counter could only be decremented to ensure that the ticket data could not be fully rolled back. This feature, allied with the existence of digital signatures linked to the value of the monotonic counter, served as a safeguard against unauthorized rollback of ticket data.
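As an added illustration (not code from Calypso, Amossys or any deployed ticketing system), the Python below shows how a validator-side signature bound to the counter value rejects restored ticket data, and why that check alone stops helping once the counter itself can no longer be trusted. HMAC-SHA256 stands in for the digital signature; the key, the UID, the `trips=` data layout and the back-office `last_seen` record are assumptions made for the example.

```python
import hashlib
import hmac

ISSUER_KEY = b"constructed-demo-key"  # constructed value; real keys stay in a SAM/HSM


def sign_ticket(uid: bytes, data: bytes, counter: int) -> bytes:
    """MAC that binds the ticket data to the card UID and the counter value."""
    msg = uid + counter.to_bytes(4, "big") + data
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).digest()[:8]


def validate(uid, data, counter, sig, last_seen=None):
    """Verdict for one tap. last_seen maps uid -> lowest counter seen so far
    (hypothetical back-office record); pass None for a card-only check."""
    if not hmac.compare_digest(sig, sign_ticket(uid, data, counter)):
        return "reject: signature mismatch"
    if last_seen is not None:
        prev = last_seen.get(uid)
        if prev is not None and counter > prev:
            return "reject: counter increased"
        last_seen[uid] = counter
    return "accept"


def demo():
    uid = bytes.fromhex("d002aabbccddeeff")  # constructed UID
    seen = {}
    # Issued ticket: two trips, counter at 10. This is the state a copy would hold.
    old = (b"trips=2", 10, sign_ticket(uid, b"trips=2", 10))
    results = {"issue": validate(uid, *old, seen)}
    # Two legitimate journeys: each decrements the counter and re-signs the data.
    for trips, ctr in ((1, 9), (0, 8)):
        data = b"trips=%d" % trips
        results[f"tap@{ctr}"] = validate(uid, data, ctr, sign_ticket(uid, data, ctr), seen)
    # Old data written back while the counter still reads 8 (counter works as designed).
    results["data_only"] = validate(uid, old[0], 8, old[2], seen)
    # Old data AND old counter value on the card: card-only check vs. back-office check.
    results["full_card_only"] = validate(uid, *old)
    results["full_backoffice"] = validate(uid, *old, seen)
    return results


if __name__ == "__main__":
    for step, verdict in demo().items():
        print(f"{step:16} {verdict}")
```

The card-only check accepts the fully restored state because the signature is genuine for that counter value; only a record kept off the card notices that the counter has moved in the wrong direction.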

Without proper mechanisms to safeguard the data on a ticket, all ticket data, including the monotonic counter, could potentially be rewritten with readily available technology in less than 15 minutes.

Security by obscurity

This recent investigation brought attention to the apparent ease with which ST25TB-based tickets could be fraudulently used. Thankfully, this risk was identified before these tickets became commonplace.

Indeed, these types of tickets were still considered somewhat niche: because they do not follow industry standards for RFID communication, they couldn’t be read or rewritten by a smartphone and instead required a specialised reader. If more tickets were deployed, they would inevitably become a more attractive target for fraudsters once they reached the critical mass needed to become profitable. Thankfully, despite the “security by obscurity” flaw in their design, the risks were found by “the good guys” (known as white hats in the security world) before the bad guys (or “black hats”) could exploit them.

Always evolving, addressing threats for over 20 years

Conversely, the Calypso standard has been established for over 25 years, and in that time – thanks to its continued evolution, validated by independent certification – it has not been broken or hacked. Its Secure Session capability, with robust anti-tear mechanisms (protecting any write operation), is predicated on mutual authentication between the card and terminal. This means that only legitimate terminals are able to make changes to the card, that all changes are atomic (i.e. either all changes are made, or the content of the card remains unchanged), and that the card cannot be rewritten without the correct SAM (Secure Access Module) in place.

Furthermore, all card products require functional certification to prove that they fully conform to the Calypso specifications. All chips for Calypso cards must also achieve a minimum EAL4+ security evaluation or follow dedicated security guidelines.

Calypso Open Standards, developed for the mobility community and by the mobility community, give operators the flexibility to develop and master a sovereign system that meets their needs, safe in the knowledge that security is of the highest level. To ensure that Calypso cards are secure, but also seamlessly interoperable at the contactless protocol level, we have published a list of all approved cards.

Over 170 cities worldwide have already decided to adopt Calypso for their contactless tickets thanks to its low-cost yet state-of-the-art security.