Security Notes
Metrodroid respects the need for security of ticketing and payment systems, even if the systems in question have their own security flaws.
Metrodroid only ever reads data from cards, and never writes.
For cards that don't have open access to data, Metrodroid does not ship with keys. It will always be possible to install keys.
The authors of this software do not condone fraudulent activities.
It is recognised that the wiki and the project's source code contain a lot of information that could be used to exploit flaws in those systems.
However, we feel the utility of being able to read cards entirely offline is more important than these risks, as bad actors will continue to work to exploit the card systems anyway.
These risks are mitigated through a secure system design, which:
- Allows free read access to data on the card, with useful data.
  By providing the data openly and offline, there is no incentive to break keys that would allow writing.
- Provides documentation describing the data format, in order to allow interoperability and applications such as this, e.g. HSL.
  By working to an open standard, the system is not made secure exclusively through obscurity.
- Reconciles all transactions to a central clearing-house, and performs frequent audits. When a card fails these audits, it should be added to a list of banned cards pushed to all terminals.
  By auditing transactions, and not trusting card media, it mitigates the risks and scope for fraud from tampering with card data or cloning cards.
- Uses modern card technologies which allow access controls to be implemented effectively.
Ultimately, security through obscurity is harmful.
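The clearing-house audit described in the list above can be sketched as follows. This is an added example, not Metrodroid code or any operator's real back-office logic; the record layout (card id, per-card counter, signed amount, balance claimed by the card) and the function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records as a terminal might upload them (all field
# names are assumptions): card id, per-card counter, signed amount in
# cents (top-up > 0, fare < 0), and the balance the card claimed afterwards.
SAMPLE = [
    ("A1", 1, +1000, 1000), ("A1", 2, -250, 750), ("A1", 3, -250, 500),
    ("B2", 1, +500, 500),   ("B2", 2, -250, 5000),   # balance edited on card
    ("C3", 1, +1000, 1000), ("C3", 2, -250, 750),
    ("C3", 2, -300, 700),                            # counter reused: clone
]

def audit(transactions):
    """Rebuild each card's balance from the central ledger and return
    {card_id: [reasons]} for cards that disagree with it."""
    by_card = defaultdict(list)
    for card, seq, amount, claimed in transactions:
        by_card[card].append((seq, amount, claimed))

    failures = defaultdict(list)
    for card, rows in by_card.items():
        balance, seen = 0, set()
        for seq, amount, claimed in sorted(rows):
            if seq in seen:
                failures[card].append(f"counter {seq} used twice")
                continue  # do not apply the conflicting record
            seen.add(seq)
            balance += amount
            if balance < 0:
                failures[card].append(f"ledger balance negative at {seq}")
            if claimed != balance:
                failures[card].append(
                    f"card claims {claimed}, ledger says {balance} at {seq}")
    return dict(failures)

def banned_list(transactions):
    """Card ids to push to every terminal."""
    return sorted(audit(transactions))

if __name__ == "__main__":
    for card, reasons in audit(SAMPLE).items():
        print(card, "->", "; ".join(reasons))
    print("banned:", banned_list(SAMPLE))
```

The ledger is rebuilt only from amounts the clearing-house has recorded, so a balance rewritten on the card or a counter value reported twice shows up as a disagreement regardless of what the card media says.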