March 10, 2009 Opinions

The STM’s OPUS card is unsafe and unsound

One cent of aluminium foils the $217 million OPUS system

by Ginger Coons

One penny cankeep identity thieves from making away with your personal information and where you have been on the island of Montreal.
GRAPHIC Ginger Coons

Here's an experiment: take your OPUS card, take some aluminium foil and wrap the foil around your OPUS card covering it completely. Now, find a metro turnstile and try swiping your OPUS card. What happens? Absolutely nothing.

An OPUS card wrapped in aluminium foil is completely useless and unreadable.

Your OPUS card has a special component called a Radio Frequency Identification tag. That means that there is an integrated circuit and antenna inside every OPUS card—and in the wallets or pockets of nearly every student in this city.

RFID tags are used to transmit information through the air using radio waves. The OPUS card uses a passive tag, meaning that your metro card doesn't transmit on its own but replies to signals emanating from RFID readers—the turnstile you pass through in the metro station.

RFID tags have a lot of uses: they track inventory, livestock and people; they are also used to time races more accurately, store personal information on passports and even bill users of toll highways. Whenever you wave a card to get through a locked door, that's RFID in action. The same goes for contactless credit cards.

As the price of RFID technology has gone down, their adoption has skyrocketed.

Mifare

What we call the OPUS card is actually based on the Mifare chip. Sold by the Dutch company NXP Semiconductors, Mifare is the most widely used contactless smart card in the world—over one billion Mifare cards exist.

There exists one major problem with Mifare. The most widely adopted version, Mifare Classic, isn’t safe. It was cracked in March 2008 by a team of Dutch researchers at Radboud University Nijmegen—it was cracked even before the Société de transport de Montréal decided to buy it.

After the researchers broke the encryption on the chips, they brought an RFID reader to a subway station and began to read data from the cards kept in the pockets of transit users. The researchers went on to publish a paper on the subject. You can read it on their website.

Now, a hobbyist with about $100, an internet connection, and a little technical knowledge can collect and decipher the data kept on Mifare Classic cards.

Mifare Classic chips can be hacked, cracked and cloned.

A hack to not pay fare for the Charlie Card in Boston was published by a group of MIT students. For a class project, the students identified several security problems in the Massachusetts Bay Transportation Authority smartcard system. The vulnerabilities they documented were accompanied by instructions for cloning and overwriting Charlie Cards.

Lessons from London

One of the most well documented uses of Mifare chips is the Oyster card in London, England. It's a case of security gone wrong. The Oyster card used on London’s transit system works like OPUS, but with more sophistication. Oyster cards can be charged online, over the phone, in machines or in ticket offices. They're swiped on the way into the Underground, but unlike Montreal they are also swiped on the way out. That's important. It means that Transit for London, the organization controlling Oyster cards, knows where a given customer has come from and gone to, as well as their name and personal information. That data is stored for eight weeks.

It gets worse. Over the course of two years, TfL received 436 requests from police for information on people’s movements in the system. Of those requests, 409 were granted, with no warrant required.

Oyster cards are also based on the Mifare chip.

Why OPUS?

The STM has spent $217 million implementing the OPUS card. OPUS is currently used on STM buses, subways, AMT trains and Laval, Longueuil and Quebec City’s transit system. By July 1, 2008, 16,490 OPUS cards were in use in Montreal’s system—a shadow of the 219 million who use the system annually.

The OPUS card is meant to save the STM $20 million dollars a year by preventing fraud. If it works as planned, the system’s cost could be recouped in 11 years.

Does the OPUS card prevent fraud? Let's just say that on my way to school today, I watched three teenage boys jump the turnstiles without attracting the attention of the STM agent on duty.

Why aluminium foil?

For as little as a $100 and with readily available materials, it's possible to build an RFID reader. That may not seem like a problem to regular users of the OPUS card, used to pressing it against the turnstile. If all RFID readers were as weak as the ones owned by the STM, potential identity thieves would have to get pretty cosy with their victims.

There's a problem with that assumption. Not all RFID readers are as weak as the ones in metro stations. A good reader can read an RFID tag from 10 metres away.

Different RFID tags work on different frequencies. OPUS cards have high frequency RFID tags. They use radio frequencies between three and 30 MHz. These frequencies become very difficult to read when they're shielded by metal. By wrapping your OPUS card in aluminium foil, you prevent RFID readers from querying it. The radio waves just don't make it through.

Should you really wrap your OPUS card in aluminium foil? It's a little impractical. You'd need to unwrap it every time you wanted to use the metro. That's a personal decision.

Should you be worried? Maybe. We don't yet know how much information the STM keeps about ride history and personal details. We don't know whether that information is stored on your card or in a central database—and that’s the problem. Until we know more about what the STM is doing to protect its users, it's worth being cautious and vocal.

Until I know just what they've got on me, I will refuse to buy an OPUS card and will pay more for an adult magnetic swipe card.