Under the premise of highlighting some vulnerabilities in Muni's contactless fare card system, two analysts with New York security consulting firm Intrepidus Group have created an app that allows riders to use an Android smartphone to unlock unlimited free rides with a paper Muni fare card.

The app, which Intrepidus analysts Corey Benninger and Max Sobell aren't sharing with the general public in its fare share-shirking form, works by exposing a flaw in the NFC (near field communication) chips embedded in the paper fare cards. Unlike the more sophisticated plastic Clipper Cards, the chips in the disposable paper cards were never meant to be reloadable. They are reloadable, of course, because the city would hate to waste a perfectly good piece of paper, and the Intrepidus app works by simply resetting the number of rides left on the ticket. It's essentially the same as if you went to a Muni kiosk and reloaded with cash, but it's all done for free with an NFC-enabled smartphone.

Benninger and Sobell, who discovered the flaw in Muni and New Jersey's PATH train system, say they alerted the SFMTA to the gaping security hole last November and it is apparently still open to exploitation. "I coded the app in one night," Benninger told Computerworld last week, "and I'm not a coder so if somebody knows what they are doing it is pretty easy to do." Since you can't grab a cup of coffee in this town without hearing about someone's new app, one might wonder why there aren't more people offering discounted Muni ticket reloads from makeshift handheld Muni kiosks — a sort of high-tech step up from the guy hawking a stack of illegal Muni transfers.

Because paper Muni fare cards only hold one or two rides at a time and only have a 90-day lifetime, the idea of reloading them after every ride doesn't seem very practical. In fact, the regional Metropolitan Transportation Commission says they "have not seen any discernible change in limited-use tickets," meaning it's unlikely that anyone on the street has whipped up a similar app of their own. Like anything with the Municipal Railroad, a fix will be delayed, if it comes at all. Cubic, the company that designed the Clipper system, is currently investigating whether it makes more sense to fix the problem or just live with the possibility of a few nerds endlessly reloading their crumbling paper cards.

[Chron]
[ComputerWorld]