Public Transport Apps Hacked

By   ISBuzz Team
Writer , Information Security Buzz | Sep 04, 2019 03:53 am PST

Mobile phone train apps used in major cities in Britain could be manipulated to create free tickets and defraud operators, it has emerged, after activists hacked two public transport apps.

The hackers, who claimed they were campaigning for public transport to be free, said they were able to use the First Bus app and Manchester’s Metrolink app, called “get me there”, to create tickets free of charge. The apps create QR codes that function as virtual tickets when a user pays for a fare and can be scanned, similar to barcodes.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Jake Moore
Jake Moore , Global Cyber Security Advisor
InfoSec Expert
September 4, 2019 11:55 am

This is one of the damaging effects that can happen when systems transfer to digital or phone-based methods. Abuse of such QR codes and tickets isn’t new, but when not enough money is pumped into the security of an application, this highlights how easy they can be abused.

Such short-sighted security can have damaging effects, and threat actors are always ready to try and take advantage of any flaws, which can have huge consequences on the future trust of such digital tickets. If in the wrong hands, this vulnerability, as harmless as it may seem now, might be exploited the other way around. QR codes could be created to scam commuters to pay, and overpay, straight into the pocket of the hackers.

Last edited 4 years ago by Jake Moore

Recent Posts

Would love your thoughts, please comment.x