A new Android application is capable of granting users with free travel on the Swedish city of Gothenburg's public transport systems, through the use of an exploit on the Västtrafik contactless card.

Västtrafik transport cards (used for paying for bus, tram and train journeys) are based on NXP's popular Mifare Classic protocol, thus making them susceptible to its well-documented weaknesses. The application, which is available for compilation on GitHub, uses exploits that had previously relied on a PC and USB NFC reader to rewrite blocks of data on the card, providing users with the ability to travel without paying for their journey.

There are limitations to the capabilities of the application, as the user must rewrite data on the card after every journey, but the portability of NFC-enabled Android devices means that this is only a minor hurdle for users of the exploit. It's also possible that the operators of the Västtrafik contactless cards have methods of detecting card fraud built into their system.

Due to the fact that the exploit relies on weaknesses of the Mifare Classic Protocol, only devices with NXP NFC hardware, such as the Galaxy S3 and Galaxy Nexus, are capable of using it. This means that Broadcom-equipped devices like the Samsung Galaxy S4, Galaxy Mega and Google Nexus 4 are unable to use the application.

The author of the application suggests that the exploit might also work with Stockholm's SL access transport card, though this has not yet been tested.

In a comment to NFC Brief, Västtrafik's CIO, Kari Finnskog, said: "We are aware of the problem and take it very seriously. We are monitoring the issue closely and our aim is to find a solution as soon as possible that solves the problem"

Follow NFC Brief on Twitter to stay informed about the latest in NFC technology:

One Response so far.

  1. Anonymous says:

    The Dutch transport system uses the same technology. With an USB NFC card reader and some software on your pc you can put money on your anonymous transitcard on it and travel for free. The card will get blocked after a while though, but i heard somebody already developed an android app that deblocks the card through NFC

Leave a Reply