STIB: Security by Obscurity


A lot of blog posts have already covered the security issue that affected the STIB (the public transportation company in Brussels). I'll not rewrite the facts here.

Belgian French-language television made a story [in French] about this problem. The journalist interviewed the STIB spokesman. During the interview, he said:

“Il y a des données qui peuvent apparaître en clair, à condition d’avoir les logiciels et le matériel approprié, mais ce n’est pas en clair, il faut avoir un terrible matériel.” [Translation: “Using appropriate software and hardware, there are data that may appear not encrypted. But it’s not the case, you must use a strong infrastructure to read them.”]

What does this guy mean by “strong infrastructure”? An RFID reader is available for only a few Euros and the source code is available for free.

This is a good example of security by obscurity. There is a real risk of seeing geeks performing war-driving with RFID readers, as they started to do a few years ago to find unsecured Wi-Fi access points. Only the encryption of data stored on the RFID chip could solve this issue!
