Cubic Transportation Systems, distributor of the electronic transit Clipper card, has responded to the recent news of a Ph.D. student in IT Security allegedly breaking the encryption in Clipper and similar transit cards.
According SF Weekly, David Oswald, a student at the Ruhr University of Bochum in Germany, broke the encryption using items purchased through a nearby electronics retailer, and by using “a bit of know-how.” From there, he could potentially load the hacked transit card with free rides or create and sell copies for profit.
Cubic downplays the findings and explains, “the company continually monitors card activity to determine if unauthorized modifications have been made.”
The Metropolitan Transportation Commission (MTC) has still asked Cubic to reevaluate the Clipper system, and Cubic is “considering this request.” Cubic also plans to use a new, less-vulnerable chip in Clipper cards this year.
Read more here.