August 11th, 2008
Hack-the-T presentation hits the Web
So, the presentation of hacking the T that three MIT students were barred from presenting is now on the Web, hosted on MIT’s own servers. Apparently, this is OK because the presentation was included in the MBTA’s complaint.
News.com reports though that MBTA says the availability of the PowerPoint doesn’t obviate the need for the injunction.
“The MBTA will reserve comment on the substance of the presentation until staff has had a sufficient period of time to thoroughly review the information, and meet with the students and their professor.”
Key to the injunction is that it forbids not only the presentation but also the release of code the students planned to release at web.mit.edu/zacka/www/subway/. A planned demo of this code was a major point of controversy in the hearing on Saturday. The EFF lawyer emphasized that while the students relied on techniques in the public domain, their special contribution was finding a way to determine the checksum on the CharlieCard, according to a recording of the hearing (WMA).
It’s a demonstration that the technology needs improvement but without providing a critical ingredient for an attacker. They’ve presented the existing information in their academic field, what new research they’ve done to push the envelope but they have responsibly decided to withhold a piece of information that would allow anybody to make a fraudulent fare card.
But MBTA’s lawyers said that the students intended to release open source libraries and other code intended to make it easy for others to hack into the system.
EFF claimed the software tools are not targeted to hacking MBTA’s system but “generalized tools for reading magnetic cards, for analyzing information on cards and for using open source radio software to listen to signals from RFID cards. They are not tools that some malicious hacker could come along and use.”
