Three MIT students who were sued by the Massachusetts Bay Transit Authority over their research into subway card vulnerabilities are now working with the transit authority to improve the fare collection system.
The lawsuit against the students was dismissed after a judge lifted a gag order in August that prevented the students from discussing their work. The students had planned to present their research at the Defcon hacker conference in Las Vegas on August 10, but canceled their presentation after a judge granted the MBTA's request for an injunction the day before.
"This is a great opportunity for both the MBTA and the MIT students. As we continue to research ways to improve the fare system for our customers, we appreciate the cooperative spirit demonstrated by the MIT students," MBTA General Manager Daniel Grabauskas said in a statement published on the Electronic Frontier Foundation Web site on Monday. EFF attorneys represented the students in their legal defense.
One of the students, Zack Anderson, was quoted as saying: "We've always shared the goal of making the subway as safe and secure as can be. I am glad that we can work with the MBTA to help the people of Boston, and we are proud to be a part of something that puts public interest first."
As part of their presentation, entitled "The Anatomy of a Subway Hack: Breaking Crypto RFIDs and Magstripes of Ticketing Systems," the students planned to describe several attacks to break the CharlieCard, an RFID card that the MBTA uses on the Boston T subway line.