Published on October 26th, 2019 📆 | 2216 Views ⚑0
Spanish transport system was hacked. Cards charged with fake money
According to vulnerability testing specialists, there has been a considerable increase in the number of scams related to refills on cards used to travel on the public transportation system in Spain. After a decline in this activity, thanks to the implementation of a new system, the hackers seem to have found the method to bypass the new security measures.
After this report was revealed, the
concessionaire company and the Spanish government released a joint statement
mentioning that some monitoring measures will be put in place in the system to
detect any suspicious movements. The intention is to permanently block cards
that are identified with this “false balance”.
The Spanish authorities mention that their
vulnerability testing teams have detected an increase in this activity over the
last two months, especially in the Aragon region. Previously, government and
private companies began taking action against the use of fake balance on these
cards, such as integrating a blacklist with more than 3,000 fraudulent cards and
renewing payment card reader devices.
According to various local media, the sudden
increase could also be related to hundreds of thousands of high school and
college students going back to school; as reported, the students can increase
the balance of these cards to levels unsuspected by using just one APK.
Although the authorities and the concessionaire
announced the implementation of new technology, vulnerability analysis experts
from the International Institute of Cyber Security (IICS) say that the way to
defraud the transport system of Spain is the same as that practiced a few
months ago, although it is now carried out in a stealth manner; due to constant
monitoring against this practice, perpetrators are limited to making fake
refills of between 5 and 10 Euros, when a few months ago fraudulent recharges
were detected for more than 200 Euros.
The concessionaire has reported that for now it
does not intend to install new hardware or develop new systems for the payment
of public transport. Instead, they mention that they will continue with the
suspicious activity detection approach. “Any public transport system is
vulnerable,” a spokesman said.
Hacking incidents of this type occur more and
more frequently. A few weeks ago, an unidentified hacker group managed to
generate hundreds of free trips using the Manchester, UK transport system app.
Thanks to poor security, hackers managed to use the same QR
code over and over again, used as proof of payment.