Researchers at cybersecurity firm SafeBreach said they recently disclosed the vulnerabilities to Israeli firm Moovit, which helps users plan routes using public transit networks, including buses, ferries, subways and scooters.
Bar said their findings would facilitate “the perfect crime” because they could get access to the personal data of billions of people while also getting payment information from a smaller subset of users.
He added that they had multiple sessions with Moovit’s team to address the vulnerabilities they found and verified that fixes for the issues worked.
But Bar warned that other tools may be vulnerable to similar issues. Several cities, including New York, are ditching longtime card or coin-based systems in favor of app-based payment tools.
“We always say, ‘go hack yourself,’” he said. “Because in order to find if you are vulnerable or not, you should test your systems. That's the only way you can know if you're vulnerable or not.”
Commenti