Serious mistakes make new Budapest electronic ticketing unsafe

DBZOL20170718006
Budapest, 2017. július 18. Utas új elektronikus bérletét ellenõrzi a Budapesti Közlekedési Központ (BKK) jegyellenõre Budapesten, a Deák téri metrómegállóban 2017. július 18-án. A napokban elindította a BKK az online jegy- és bérletvásárlási felületet, amelyre a vásárlóknak minden nap be kell majd lépniük. Elõször teljes árú és tanuló, félhavi és havi Budapest-bérletek, 24, 72 órás és hetijegy vásárlására lesz lehetõség. MTI Fotó: Balogh Zoltán

Change language:

The BKK (Budapest Transport Center) launched the online ticket and lease purchase interface this week. Index, however, reported on Friday that there are rough security flaws in the system. Among other things, with a “basic hacking” anyone could get a lease for as much money as he wants.

An ethical hacker sent an remark to the journalists of Index, which was confirmed by several other independent experts later. BKK responded to the news shortly afterwards:

“BKK sadly experienced that the successful installation and the proper use of the new online sales channel launched yesterday became continuously influenced by cyber-attacks,” they added. “The system started to operate using an automatic abusive monitoring feature in the launch phase, that detects such attempts and triggers immediate action.”

DBZOL20170718010
Serious mistakes make the new Budapest electronic ticketing system unsafe – BKK

However, the story does not end here. More and more amateur security errors are warning us on the Internet. 24.hu also received the comments of an expert who highlighted several bad security settings. Among other things, the BKK ticket buyer system stores the users’ passwords as raw texts, it doesn’t hash them. So with the most common passwords (e.g. 123456),

Continue reading
Tags

Leave a Reply

Your email address will not be published. Required fields are marked *