Security researchers in the US have discovered security holes that can allow commuters paying with NFC-enabled Android devices to have unlimited free rides on public transport.
Matteo Collura, 18, and Matteo Beccaro, 19, presented their findings at the hacking conference DefCon last weekend, tech site Mashable reported.
"You can get free rides for your life," Beccaro said at the hacking conference Saturday.
The report said the security holes allow attackers to time-stamp tickets with an NFC-enabled Android phone and turn a limited-ride ticket into an unlimited one.
Collura and Beccaro, who studied ticket security after Turin started using NFC-enabled cards in January, added that the hacks are fairly easy to reproduce.
Beccaro also noted they learned how the chips worked via advertisements on websites.
The two stamped several tickets and used an NFC reader costing less than $50 to see what happened inside the chip, whose data was not encrypted.
Both saw a part of the ticket that allowed them to switch the OTP sector to read-only mode, meaning its data can't be modified.
This means the stamping machine can no longer change anything in that sector.
"After you lock the OTP sector, you do not have to do anything else to the ticket, ever. So, do it once and you get an unlimited-rides ticket," Beccaro told Mashable.
Collura and Beccaro also noticed that the timestamp, which is used to determine whether the ticket must be stamped again, was stored in a part of the chip set to read-and-write mode, meaning anyone could read and write to it.
This meant that even after the ticket's 90-minute time frame had passed, one simply needed to scan the ticket with an NFC-enabled device and change the date.
"It's like stamping the ticket by yourself," he said.
The two offered a firmware update for the stamping machines so that they would refuse to validate a locked ticket.
Mashable said the two also notified Turin's transportation agency, which said it had fixed the first bug on streetcars and buses, but not yet on the subway. — TJD, GMA News