MBTA, MIT Students Work to Secure CharlieCard Fare System

December 26, 2008

Following the dismissal of a federal lawsuit brought by the Massachusetts Bay Transit Authority (MBTA) against three MIT student researchers for their research into subway card vulnerabilities, the parties agreed to work together to identify and help improve security in the MBTA's Automated Fare Collection System.

The student presentation in question was titled "The Anatomy of a Subway Hack: Breaking Crypto RFIDs and Magstripes of Ticketing Systems."

The students were exploring how to hack CharlieCard, an RFID card that the MBTA uses on the Boston T subway line.

Pleased with the outcome, MBTA General Manager Daniel A. Grabauskas said, "This is a great opportunity for both the MBTA and the MIT students. As we continue to research ways to improve the fare system for our customers, we appreciate the cooperative spirit demonstrated by the MIT students."

"The best way to fix these problems is to approach them head on," said one of the students, RJ Ryan. "Now that we are on the same page, I am confident that we will be able to resolve the issues we discovered."

"We've always shared the goal of making the subway as safe and secure as can be," said student Zack Anderson. "I am glad that we can work with the MBTA to help the people of Boston, and we are proud to be a part of something that puts public interest first."

The MBTA and the researchers are working to make improvements to the fare collection system that will be as straightforward and inexpensive to address as possible.

The MIT students were represented in the lawsuit pro bono by the Coders' Rights Project of the Electronic Frontier Foundation (EFF). EFF was assisted in this case by the ACLU of Massachusetts Legal Director John Reinstein and Fish & Richardson attorneys Adam Kessel, Lawrence Kolodney, and Tom Brown.