Mobile phone train apps used in major cities in Britain could be manipulated to create free tickets and defraud operators, it has emerged, after activists hacked two public transport apps.

The hackers, who claimed they were campaigning for public transport to be free, said they were able to use the First Bus app and Manchester’s Metrolink app, called “get me there”, to create tickets free of charge. The apps create QR codes that function as virtual tickets when a user pays for a fare and can be scanned, similar to barcodes.

Mobile phone train apps used in major UK cities could be manipulated to create free tickets and defraud operators, after activists hacked two public transport apps https://t.co/VYaD5P7Fg8

— Telegraph Technology Intelligence (@TelegraphTech) September 3, 2019

September 04, 2019

Jake Moore

+ Follow Me - UnFollow Me

Cybersecurity Specialist

ESET

This is one of the damaging effects that can happen when systems transfer to digital or phone-based methods. Abuse of such QR codes and tickets isn’t new, but when not enough money is pumped into the security of an application, this highlights how easy they can be abused. Such short-sighted security can have damaging effects, and threat actors are always ready to try and take advantage of any flaws, which can have huge consequences on the future trust of such digital tickets. If in the wrong .....Read More

This is one of the damaging effects that can happen when systems transfer to digital or phone-based methods. Abuse of such QR codes and tickets isn’t new, but when not enough money is pumped into the security of an application, this highlights how easy they can be abused. Such short-sighted security can have damaging effects, and threat actors are always ready to try and take advantage of any flaws, which can have huge consequences on the future trust of such digital tickets. If in the wrong hands, this vulnerability, as harmless as it may seem now, might be exploited the other way around. QR codes could be created to scam commuters to pay, and overpay, straight into the pocket of the hackers.  Read Less

Like(2)  (0)

×

Linkedin Message

@Jake Moore, Cybersecurity Specialist, provides expert commentary at @Information Security Buzz.
"Such short-sighted security can have damaging effects, and threat actors are always ready to try and take advantage of any flaws...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/public-transport-apps-hacked

Copy this message and share on your Linkedin profile. Thanks! COPY

×

Facebook Message

@Jake Moore, Cybersecurity Specialist, provides expert commentary at @Information Security Buzz.
"Such short-sighted security can have damaging effects, and threat actors are always ready to try and take advantage of any flaws...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/public-transport-apps-hacked

Copy this message and share on your Facebook profile. Thanks! COPY

Please login to comment.

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *

Your Registered Email *

Notification Email (If different from your registered email)

* By using this form you agree with the storage and handling of your data by this web site.

SUBMIT

Thank you, your expert comments have been submitted for review.

×

Upload Content

Youtube Link  

Image  

---

Youtube Link (Ex: https://www.youtube.com/watch?v=eUxUUarTRW4 )

Add

Uploading the content. Please wait....

Submit

×