The Toronto Transit Commission or TTC for short is a transit system that is behind the times. Most notably in the way you pay your fare as it still uses tickets, tokens and paper transfers. All of that is very 20th century. But in the interests of being hip and cool during the Pan Am Games which is being held in Toronto, the TTC released an app called TTCconnect that allows users to buy day passes on their iOS or Android smartphone. That’s a positive step forward, right?
It is, unless someone decides to pwn the TTC to get free rides while looking like they have legitimately paid a fare via their smartphone. Oh, wait. Someone did. Here’s what Metro News had to say:
Dan Crampton posted an app that spoofs TTCconnect to GitHub, a popular code hosting website, on Saturday. The visual effects, the colour changes, and the scrolling logo the developers included to deter forgers are all identical to the real thing, he said in an email.
“It was really, really, really easy,” he wrote. “It’s some basic animations, a TTC logo, and some text using the default iOS system font.”
Crampton said he has no intention of using his app. He called anyone who does an “idiot.”
“I don’t know how much [the TTC] spent on it, but it’s a pretty terrible product. I don’t know how anyone would look at this and think ‘Yes, this is a good idea,’” he wrote.
The TTC says that anyone caught using this spoofing technique will get nailed by the cops. But let’s face facts. The TTC, and perhaps Bytemark Inc. who is a NYC based company who wrote the app for them likely didn’t really think this through in terms of saying “Hey, we want to provide this service. But let’s not open up ourselves to getting pwned.” Plus I suspect, but I have no proof that they might have done this at the last minute to have it available for the Pan Am Games.
Now to be fair, the TTC is moving towards using Presto which is an electronic payment system similar to those used in cities such as London UK. But the fact is that if it rolled out that system or one like it years ago, we would not be talking about this less than well thought out app now.
Related
This entry was posted on July 15, 2015 at 1:32 pm and is filed under Commentary with tags Hacked, Security, TTC. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
TTC Releases App To Pay For Fares…. It Quickly Gets Spoofed To Enable Free Fares
The Toronto Transit Commission or TTC for short is a transit system that is behind the times. Most notably in the way you pay your fare as it still uses tickets, tokens and paper transfers. All of that is very 20th century. But in the interests of being hip and cool during the Pan Am Games which is being held in Toronto, the TTC released an app called TTCconnect that allows users to buy day passes on their iOS or Android smartphone. That’s a positive step forward, right?
It is, unless someone decides to pwn the TTC to get free rides while looking like they have legitimately paid a fare via their smartphone. Oh, wait. Someone did. Here’s what Metro News had to say:
Dan Crampton posted an app that spoofs TTCconnect to GitHub, a popular code hosting website, on Saturday. The visual effects, the colour changes, and the scrolling logo the developers included to deter forgers are all identical to the real thing, he said in an email.
“It was really, really, really easy,” he wrote. “It’s some basic animations, a TTC logo, and some text using the default iOS system font.”
Crampton said he has no intention of using his app. He called anyone who does an “idiot.”
“I don’t know how much [the TTC] spent on it, but it’s a pretty terrible product. I don’t know how anyone would look at this and think ‘Yes, this is a good idea,’” he wrote.
The TTC says that anyone caught using this spoofing technique will get nailed by the cops. But let’s face facts. The TTC, and perhaps Bytemark Inc. who is a NYC based company who wrote the app for them likely didn’t really think this through in terms of saying “Hey, we want to provide this service. But let’s not open up ourselves to getting pwned.” Plus I suspect, but I have no proof that they might have done this at the last minute to have it available for the Pan Am Games.
Now to be fair, the TTC is moving towards using Presto which is an electronic payment system similar to those used in cities such as London UK. But the fact is that if it rolled out that system or one like it years ago, we would not be talking about this less than well thought out app now.
Share this:
Like this:
Related
This entry was posted on July 15, 2015 at 1:32 pm and is filed under Commentary with tags Hacked, Security, TTC. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.