August 10th, 2008

The MBTA just got a restraining order to prevent three MIT undergrads from giving a talk at Defcon.

A federal judge on Saturday gagged three Massachusetts Institute of Technology undergraduates from publicly presenting research at Defcon demonstrating gaping holes in the electronic payment systems of one of the nation's biggest transit agencies.

Attorneys for the Electronic Frontier Foundation, which are representing the trio, said they directed the students to pull the talk, which had been scheduled for Sunday. They said the order constituted an "illegal prior restraint" on their clients' free-speech rights.

"It's a very dangerous precedent," EFF staff attorney Marcia Hoffman told reporters at the Defcon hacking conference in Las Vegas. "Basically, what the court is suggesting here is that giving a presentation involving security to other security researchers is a violation of federal law. As far as I know, this is completely unprecedented and it has a tremendous chilling effect on sharing this sort of research."

There’s a saying at Defcon that the best way to spread information is to get hit with a restraining order. Freedom of information is a big deal here and anything suppressing that is met with extreme resistance. But in this case, the attendees really don’t have to do too much work because the Transit Authority placed the talk slides into the addendum of the temporary restraining order request and everything is now in the public record. Furthermore, the slides are on the official Defcon CD – something which more than 5000 people have right now. So you have a classic case of the horse already being out of the barn.

The CharlieCard is based on a MIFARE Classic RFID card produced by NXP. The card secures its data and transactions using a proprietary encryption algorithm called Crypto-1. Karsten Nohl, et al. of the University of Virginia reverse-engineered this algorithm and found serious vulnerabilities. These vulnerabilities allow one to recover the key from a card in less than 30 seconds. Armed with a key, an attacker can copy someone's card remotely. Although we have not absolutely verified this, we have strong reason to believe all CharlieCards use a common key.

We have not used the CharlieCard key to read CharlieCards, so we cannot comment for certain about the data on the card. We have evidence to show that the card has a stored value, which makes it vulnerable to the same forgery attacks detailed in the CharlieTicket section. Likewise, it is vulnerable to cloning attacks too, meaning the above scenario would not steal money from the people in the street, but rather, it would duplicate the value on those cards.

Edit: There is a link from The Tech which includes all the relevant documents submitted for the temporary restraining order.

The presentation slides are here: (thanks to redbird for the link). As has been pointed out, they are nowhere near as informative as the above vulnerability assessment. adds:
"Hofmann said it's unclear right now whether the EFF will continue to represent the students if further litigation is pursued, given that they have no one on staff who can practice in Massachusetts. They will have to evaluate the situation when and if it comes up."