ECan public transport card hacked

RACHEL YOUNG
Last updated 12:32 11/11/2013

Relevant offers

Transport

Upgrade boosts safety of scenic road Road changes tackle Tannery traffic Plans unveiled for central-city transport revamp Crash on Colombo-Bealey corner Riccarton bridge to close for repairs Interchanges key to revised bus system Calls to make tunnel walk a regular event Ferrymead's $35m bridge on track Traffic jams after Cashmere hill crash Bus driving seat may change

A hacker has exposed a flaw in Christchurch's public transport system leaving up to 70,000 people's personal details exposed, and potentially giving some free rides.

Environment Canterbury director operations Wayne Holton-Jeffreys said a few months ago a ''hacker'' showed them how he was able to put funds onto his metrocard without actually paying, up to a maximum of $200.

''We were aware of that issue and had put things in place to upgrade [the card system],'' he said.

''We had that planned to roll out by June 2014.''

He said they were part-way through the upgrades when the earthquakes struck so the focus shifted to securing cards rather than upgrading.

Holton-Jeffreys said during the weekend the same person had presented information at a conference showing flaws in the system that allowed access to up to 70,000 metrocard holder's details. 

This morning, the Metrocard section of the regional transport information website was taken down.

''So to protect our metrocard holders privacy we have taken the website down,'' he said, adding that, ''I don't think I would be worried [as a metrocard holder].''

Holton-Jeffreys said the hacker had to enter an active metrocard six-digit number at random so could not search for people specifically. Likewise, there was no bank account information available, although names, addresses, telephone numbers and dates of birth could be found.

The flaw meant people could also add money to their metrocards without actually paying. But, Holton-Jeffreys did not believe this was going on as ECan kept a close eye on amounts transferred.

ECan hoped the flaw with the metrocards could be fixed quickly.

In the meantime, metrocard users can still use the card, but must top it up manually rather than online.

Holton-Jeffreys said the police had been called, but was unsure if any charges would be laid against the hacker.

Ad Feedback

- The Press

Comments

Special offers
Opinion poll

Do we need commuter rail in the northern corridor?

Absolutely. The cost will be recovered eventually.

No, it's not feasible.

Yes, if it's worth it.

Vote Result

Related story: Mike Yardley: Rail out but email in

Featured Promotions

Sponsored Content