Taxpayer Logo

Official site of the
CANADIAN TAXPAYERS FEDERATION
a citizens advocacy group dedicated to lower taxes,
less waste and accountable government.

[$description:substr(start="0",length="10")]
[$description:striptags():escape():substr(start='0',length='150')]
[$description:striptags():escape():substr(start="0",length="150")]

BC: TransLink Bus Hacked Yesterday?

October 30, 2013
BC: TransLink Bus Hacked Yesterday?

How secure are TransLink’s computer networks? Not very, apparently…

Yesterday morning, I spotted this conversation on Twitter:

I wasn’t surprised – I’ve heard from several sources over the years that TransLink’s networks were vulnerable. So I asked a computer expert friend of mine what this meant:

It would appear based on the information provided in the link, a member of the public was able to determine the SSID of the on board router, (no doubt they use the same SSID on each and every bus, a very amateur move.) and simply jammed it by offering up the same SSID on the same channel from their mobile phone. This is a basic and simple way to shut down any router. I would say hacking 101, which any reasonable IT administrator should not allow.

Another computer expert I spoke with told me this:

The ticket machine is communicating via wifi. The device the ticket machine is communicating with has the SSID tra761331 so by setting up a device near that machine with the same SSID you get a scenario where the ticket machine will connect to the spoofed device - this creates the service interruption.

Here's what this might mean:

With this method and the right knowledge, it's possible that someone could intercept information. For that to happen, there would have to be other security-related oversights and possible some information on how the ticket machine and it's host communicate, but that doesn't mean it's not possible. I can't tell much from the image in that tweet - which is good... we can be certain that *any* security breach can pose potential risk.

Because this flaw is directly part of the ticket machine's network, the security of card transactions comes in to question. It calls TransLink's PCI (Payment Card Industry) compliance in to question.

The term PCI triggered my memory. In October 2011, I made a Freedom of Information request for a PCI compliance audit of TransLink, done by Deloitte and Touche and Bell Canada Consulting Systems. I was denied access, due to security concerns. Looks like the security concerns haven’t been addressed…

Don’t worry, though. TransLink says they’re on it.

LEAVE A COMMENT

You have successfully posted your comment. Please allow 24 hours for your comment to be reviewed before being published to the site.

Sign in to leave a comment

You have successfully posted your comment. Please allow 24 hours for your comment to be reviewed before being published to the site.

You have the power to change who influences politics in our country: big unions, big corporations and government-funded special interest groups can be challenged by the contributions of thousands of individual taxpayers who care to make a difference.

FEATURED PETITIONS

JOIN US

Join over 81,000 Canadian Taxpayers receiving our Action Update newsletter. I understand that I may unsubscribe at any time.

RECEIVE THE TAXPAYER MAGAZINE!

“False Alarms”“Message Delivered”
The Taxpayer