Mobile phone train apps used in major cities in Britain could be manipulated to create free tickets and defraud operators, it has emerged, after activists hacked two public transport apps.

The hackers, who claimed they were campaigning for public transport to be free, said they were able to use the First Bus app and Manchester’s Metrolink app, called “get me there”, to create tickets free of charge. The apps create QR codes that function as virtual tickets when a user pays for a fare and can be scanned, similar to barcodes.

Experts Comments

September 04, 2019
Jake Moore
Cybersecurity Specialist
ESET
This is one of the damaging effects that can happen when systems transfer to digital or phone-based methods. Abuse of such QR codes and tickets isn’t new, but when not enough money is pumped into the security of an application, this highlights how easy they can be abused. Such short-sighted security can have damaging effects, and threat actors are always ready to try and take advantage of any flaws, which can have huge consequences on the future trust of such digital tickets. If in the wrong .....Read More
This is one of the damaging effects that can happen when systems transfer to digital or phone-based methods. Abuse of such QR codes and tickets isn’t new, but when not enough money is pumped into the security of an application, this highlights how easy they can be abused. Such short-sighted security can have damaging effects, and threat actors are always ready to try and take advantage of any flaws, which can have huge consequences on the future trust of such digital tickets. If in the wrong hands, this vulnerability, as harmless as it may seem now, might be exploited the other way around. QR codes could be created to scam commuters to pay, and overpay, straight into the pocket of the hackers.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.