Mobile phone train apps used in major cities in Britain could be manipulated to create free tickets and defraud operators, it has emerged, after activists hacked two public transport apps.

The hackers, who claimed they were campaigning for public transport to be free, said they were able to use the First Bus app and Manchester’s Metrolink app, called “get me there”, to create tickets free of charge. When a user pays for a fare, the apps create QR codes that function as virtual tickets and can be scanned, similar to barcodes.

1 Expert Comment
Jake Moore, Cybersecurity Specialist
InfoSec Expert
September 4, 2019 11:55 am

This is one of the damaging effects that can happen when systems transfer to digital or phone-based methods. Abuse of such QR codes and tickets isn’t new, but when not enough money is pumped into the security of an application, this highlights how easily they can be abused.

Such short-sighted security can have damaging effects, and threat actors are always ready to try and take advantage of any flaws, which can have huge consequences on the future trust of such digital tickets. If in the wrong hands, this vulnerability, as harmless as it may seem now, might be exploited the other way around. QR codes could be created to scam commuters to pay, and overpay, straight into the pocket of the hackers.

Information Security Buzz