Pavol Luptak
CEO of Nethemba - Slovak IT security company founded in 2007, primarily focused on web application security and various penetration tests.
Public Transport Company ABC, SMS ticket Price XYZ, Validity: from 28.10.07 13:20 to 28.10.07 14:50, code YrQPtMKs7 /52845
REGISTER PERSONAL_USER_IDNUMBER or REGISTER PERSONAL_USER_BIRTHDATE
Although public transport companies have already been informed about this serious vulnerability, they ignore it and still use the vulnerable systems. We are not aware of any public transport SMS tickets that are not vulnerable to this kind of attack.
Syntax of the SMS parking request sent to the specific number: ParkingTime_CarPlateNumber
Parking Time – in hours (Bratislava) or in minutes (Vienna)
Car Plate number – you can pay for parking of an arbitrary car (not only yours!)
Mastercard PayPass, VISA PayWave
Used tools
Maximum Reading Distance
And the results!
Potential risks
Protection
By Pavol Luptak
Since 2007, when Nethemba was started, we have been focusing on public research projects. One reason was that we were aware of a lack of security in technologies most people use daily; the second was a need to be different from our IT security competition, especially in the Czech and Slovak Republics. During the period 2007-2015, we published many security-related articles, blogs, and papers. We would like to discuss the most important ones, those with considerable impact.