Android app lets you ride for free on public transit thanks to NFC exploit

With the introduction of NFC on smartphones such as the Samsung Galaxy S3 and Google’s Nexus, the use of NFC functions is becoming more and more widespread. NFC or near field communication can be used for data exchange between devices, payments and even tasks automation such as the NFC Tectiles. The problem with new technologies and as they become more popular, is that they can be used improperly.

Intrepidus nfc

For instance, Intrepidus Group researchers Benninger and Sobell were able to write a simple app called “UltraReset” to exploit a vulnerability in the New Jersey and San Francisco transit system. The transit system in both cities uses a contactless fare cards that can be reset with the “UltraReset” app.

UltraReset – Using a smartphone for free subway rides from Intrepidus Benn on Vimeo.

The researchers experimented their hack in these two cities and have notified the local authorities regarding this flaw. The discrepancy is fairly simple as it allows an NFC enabled phone to recharge a transit card over and over again.
No need to look for the app, the researchers will not make it available online. Their goal is not to hack the system, but rather to pin-point how vulnerable new technologies can be. The app was written by Benninger who states that anyone with a little know how can program this little exploit. Its good to know that at least they were honest enough to let us know about this problem and didnt kept it for themselves with evil intention.

On this note, I am just wondering what else we can really do with this new technology. Any creative good ideas?