The OVChipkaart as the public transportation travel card has been called in the Netherlands is now officially dead. In the last period of time people wrote software that allowed regular users to modify their Chip so that they could travel for free. The changes were still detectable because you needed to checkin and checkout via the poles at the stations or within the transport device itself.
New software had been developed after that (and tested by a reporter, Brenno de Winter) which allowed one to modify the card, do a checkin from your home place (with the location, time etc if your checkin specified) , and checkout. These changes are undetectable for the transportation companies, even when checked by tranportation officials the hacks were not detectable. Which basically means that you can travel for free and undetected.
Someone is going to release this software soon, or actually already had, and is now circulating at the Pirate bay.
What do we learn from this? That making things more and more electronically available makes us prone to these kind of attacks. Ofcourse people are going to test this and use this, you can travel for free which could lead up to a massive saving on travel expenses. Yeah the TLS (Company that is responsible for this Failcard) is saying that they will be switching to a more modern chip which is better protected, but still it’s a matter of time before it will be broken again and the story continues.
The damages that occur through this will ofcourse be put back on the users and the community, like the entire investment that had been done is from community-driven
money. Nobody actually wants the card, and as mentioned the electronic facilities just makes us prone for this.
After the Electronic PAtiens file (EPD) which has the same potential problems, which are more huge then this one, and various other digital registrations and stuff, we will
have a situation where the entire economy will crash because it had been hacked by a smart little guy in a hidden attic. With Big Brother watching us he will be quickly
found and taken out of operation, but the damages are already occured.
So my request is actually : STOP MAKING WORKING THINGS ELECTRONICALLY AVAILABLE. KISS (Keep It Simple Stupid) is the best method for government controlled things, as more simple it is, the more simple it is to detect fraud, keep it in hands and make sure that the above things CANNOT happen.
A big bow to George Orwell, who envisioned these kind of things a long time ago, before the process started to expand rapidly.