Skip to main content

Insecurity of the ORCA regional transit not-so-smart card

FareBot_and_ORCA_photo_by_Matt_Fikse_Verkerk_fit_300x300Since its inception, UW CSE researchers have raised concerns regarding the security and privacy aspects of Seattle’s ORCA (“One Regional Card for All”) regional transit smartcard.

Now “there’s an app for that” – FareBot, which enables any NFC-equipped Android phone to extract the data from ORCA (and similar transit smartcards in San Francisco, Singapore, and Japan).

FareBot, created by Seattle software developer Eric Butler, builds upon work by UW CSE’s Karl Koscher.

Crosscut reports on the app today in two articles – one headed “Can you say ‘security breach?'”

“The Geeks Who Cracked the ORCA Card”

“Smart card: What your ORCA never forgets”

FareBot

February 13, 2013