App outsmarted
Vulnerability enabled free train rides
Researchers at ETH Zurich have outsmarted SBB's so-called Easyride function and used it to travel by train for free. For the test, the IT experts manipulated the location data of a smartphone, as the university explained in Zurich on Wednesday. The vulnerability has since been fixed.
With the Easyride function, train passengers can check in via the SBB app when they have boarded a train and check out again when they have alighted. The app then determines the route traveled based on the smartphone's location data and books the appropriate ticket retrospectively.
The researchers tested the prepared smartphone on several train journeys from Zurich to the capital of a neighboring canton. The fraud was not noticed during the ticket checks on the train, nor did SBB contact the fraudulent users afterwards, as ETH wrote. Instead, SBB charged only for the spoofed small-scale movements, for which no public transport had been used.
"Location data can be manipulated"
"The fundamental fact is that the location data of a smartphone can be manipulated and cannot be trusted," said researcher Michele Marazzi, who was involved in the tests, in the press release. Although such manipulation requires specialist knowledge, it is knowledge that computer science students already have at bachelor level, he said.
Incidentally, the researchers also carried a valid ticket with them during the tests, as they emphasized. Using the Easyride function with manipulated location data is a punishable offense.
The ETH researchers informed SBB about the vulnerability in the Easyride function. Today, such manipulations are detected retrospectively and reported to the police. For security reasons, SBB is not disclosing exactly how the checks are carried out.
