(Short version: prolly not.)
I ride the PATH almost daily to get to work at NYU. Yesterday, a curious thing happened. At first, it made me pretty angry. Later, I realized I might have been the victim of (a rather insignificant form of) social engineering.
Background: Most commuters use PATH's smartcard-based token system -- SmartLink -- that you can fill with "rides" and simply touch the card to a reader in order to go through PATH's turnstiles. (Many commuters like myself use the before-tax WageWorks program to buy monthly unlimited-ride passes.) On weekday mornings, the flow of people through the dozen or so turnstiles can be hectic with everyone trying to get through as efficiently as possible to make the next train to NYC. Naturally, small lines -- 3 or 4 people long -- form as people wait to present their SmartLink card to the reader device and pass through.
The Sitch: So, yesterday, I was waiting my turn in line. The guy in front of me touches his wallet to the reader and pushes through. BTW, it takes some significant amount of time between when the card is read and when the turnstile is unlocked. I put my card up to the reader and only at the last second see that the guy before me got a "read error" on his card. Usually, you just back up a bit, put your card back on the reader and it lets you through. However, because I had just put my card up to the reader, it read my card. It unlocked the turnstile with my card and the guy in front of me went through.
...
This guy had effectively used my card to get him through!
I said, "Hey, that was mine!" He glanced back for a split second and said, "Sorry." and hurried off. (To be fair, everyone hurries at 8a in the morning in the Hoboken Terminal PATH.)
I was essentially screwed. My unlimited-ride (monthly) card is restricted such that you can't use it twice within 18 minutes! I had to take out my MetroCard -- the NYC Subway form of payment, also accepted by PATH -- and spend $2.10 to get through the turnstile.
I tried to find the guy. I'm not sure what I would have done but I was seriously pissed off. I would have, at least, channeled my inner newjersian and chewed the shit out of him.
At first, I chalked this up to some Hoboken dumbass who doesn't know how to use the damn turnstile readers. (There are good people in Hoboken, but there is one particular strain of entitled, frat-boy douchebag that is particularly entrenched and unpleasant.)
As I thought about it over the day, I realized it could have easily been a case of social engineering. It's just a matter of having an efficient queue of unaware PATH commuters lined up at turnstiles. You get in line, put any RFID-based smartcard up to the reader -- I bet many will cause a read error, though I don't know for sure -- and push up against it. If the person behind you isn't paying attention -- and why would they? -- they'll authorize the turnstile with their own card and you can go through. And you'd better hide; they'll be pissed! ::)