Eric Butler's Android app FareBot uses the RFID reader built into the Nexus S Android phone to sniff RFID-enabled transit cards, some of which carry unencrypted ride histories, making them vulnerable to reading by anyone who brushes past you (Butler dryly notes, "Transit agencies across the board should do a better job explaining to riders how the cards work and what the privacy implications are."). Butler's app is just the first step in building software-based transit-card cloners/replacements that allow you to download transit credit to your mobile phone and swipe your phone to pay for fares. Presumably, putting the RFID emitter into a programmable PC will allow for a higher degree of privacy and security for card-users.
Because many of these systems are new, there is often a limited number of places to buy a card and/or add value, especially outside the city center. This presents a great opportunity for NFC-equipped smart phones which, in addition to being able to read cards, also have the capability to emulate a card. No matter how far to the edge of an agency's service area you are, it should be possible to download the ORCA or Clipper app and hop the next bus, streetcar, train, or boat. Apps could link with existing payment infrastructure such as Google Checkout for quick payments without additional setup, and for international travelers looking to get around, apps could support multiple languages and automatic currency conversion.
Typically there is a tradeoff between a transit fare system's level of security and the cost of a card, as the cards with better security are more expensive. Smart phones on the other hand already have the capability to do real cryptography, so there's potential to build a much more secure system while not requiring substantial changes to existing reader infrastructure.
FareBot itself may not appear very useful, but I hope it will seen as a demonstration of what's possible for the future as NFC becomes pervasive. It can be downloaded now from the Android Market, just keep in mind that the current version is not at all complete. If you're a developer and interested in exploring what's stored on cards around the world, I hope you'll check out the source code and contribute. For everyone else – never worry about if you have enough bus fare again!
FareBot: Read data from public transit cards with your NFC-equipped Android phone
(via O'Reilly Radar)
- Boing Boing: UK RFID passports cracked
- Berlin hacker con will use RFID badges to simulate life in a …
- Boing Boing: Personal firewall for the RFIDs you carry
- RFID Guardian, open hardware/software to firewall your RFID tags …
- Dutch RFID transit pass cracked and cloned – Boing Boing
- Wash., DC transit authority uses proprietary RFID system, gets …
- Transit authority uses proprietary RFID system, gets fucked …
- HOWTO graft the RFID from a payment-card onto your phone – Boing Boing