Perth university student hacks SmartRider travel card

[Derwan]

http://www.news.com.au/technology/online/hacking/perth-university-student-hacks-smartrider-travel-card/news-story/98e0abad59e2509a9a1a3fc5901eb38d

Perth university student hacks SmartRider travel card

A STUDENT'S university research went horribly wrong when he found himself being charged with fraud.

Jack Carruthers, a student at Murdoch University in Perth, managed to hack into the city's public transport travel smartcard with a classmate and collected $18 worth of free trips.

But Mr Carruthers didn't do it to rort the government and break the law, he simply did it for his university club, Hack the Planet — a group for technically minded individuals to share ideas, collaborate on projects and compete in challenges.

Mr Carruthers, the president of the Hack the Planet group, discovered a hole in Perth's SmartRider system, which allowed him to rewind charges and keep money on the card.

IT publication The Register reports the computer sciences student then went to TransPerth and fessed up about his hacking, so they were aware of some of the flaws in the travel system.

His confession however backfired and resulted in him being charged. Mr Carruthers has pleaded not guilty.

WA Today reports Mr Carruthers rorted the travel smartcard because he was "pressured and desperate" to get Hack the Planet a stall at a university open day.

At first, the group decided to use the smartcard data to show people on Google Maps the trips they'd taken.

"What we had [on Google Maps] wasn't good enough. It wasn't exposing the parts we wanted to find and as it was getting closer to open day I was getting a bit more desperate and a bit less cautious, and so I decided that I wanted to revert the card back to the state it was purchased in," he told WA Today.

In 2014 members of Hack the Planet bought software to hack into electronic cards, including bank cards.

But Mr Carruthers told WA Today they didn't want to hack into bank cards because it was too risky, which is what led them to the travel cards.

"It was interesting because it is a very appealing topic ... everyone in Perth has a SmartRider card," he said.

"So we met once or twice a week saving copies of our card and using a process called reverse engineering, cross-referencing what we knew about the bus trips and train trips with the data that changed on the card.

"We figured out various parts of the card we could read back on the computer."

The Register reports TransPerth was now attempting to fix the holes in the smartcard system.

Murdoch University said it was aware of the charges but said the hacking was not part of a university class or course.

"All students are encouraged to understand and learn about technology in and out of class," a statement said.

"They are however, never encouraged to engage in any illegal activities.

"Topics of ethics and its relation to computer security are learning objectives in our course.

"Had the students advised staff that they planned to test out their concepts at a train station then they would have been counselled against doing so."