India metro smart cards vulnerable to a ‘free top-up’ bug

November 3, 2022

, By Editorial Team

Share via:

India’s mass rapid transit (or metro) systems rely on commuter smart cards, which are vulnerable to exploitation and allow anyone to effectively travel for free.

Nikhil Kumar Singh, a security researcher, discovered a flaw in the Delhi Metro’s smart card system. According to the researcher, the bug takes advantage of the top-up process, which allows anyone to recharge the metro train’s smart card as many times as they want. Singh told TechCrunch that he discovered the bug after inadvertently receiving a free top-up on his metro smart card at a Delhi Metro station’s add-value machine.

According to Singh, the bug exists because the metro recharge system does not properly verify payments when a traveller credits their metro smart card at a station add-value machine. He claims that because there are no checks, a smart card can be tricked into thinking it was topped up even when the add-value machine says the purchase failed. In this case, a payment is marked as pending and then refunded, effectively allowing the person to ride the metro for free.

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Previous News

B2C rooftop solar startup SolarSquare raised Rs 100 crore in Series A led by Elevation Capital

Next News

Instagram will soon allow a select group of creators to create and sell NFTs directly within the app

StartupNews.fyi is a leading global startup and technology media platform known for its end-to-end coverage of the startup ecosystem across India and key international markets. Launched with the vision of becoming a single gateway for founders, investors, and ecosystem enablers, StartupNews.fyi has grown steadily over the years by publishing tens of thousands of verified news stories, insights, and ecosystem updates, reaching millions of startup enthusiasts every month through its digital platforms and communities.

Popular

More Like this

India metro smart cards vulnerable to a ‘free top-up’ bug

November 3, 2022

, By Editorial Team

India’s mass rapid transit (or metro) systems rely on commuter smart cards, which are vulnerable to exploitation and allow anyone to effectively travel for free.

Nikhil Kumar Singh, a security researcher, discovered a flaw in the Delhi Metro’s smart card system. According to the researcher, the bug takes advantage of the top-up process, which allows anyone to recharge the metro train’s smart card as many times as they want. Singh told TechCrunch that he discovered the bug after inadvertently receiving a free top-up on his metro smart card at a Delhi Metro station’s add-value machine.

According to Singh, the bug exists because the metro recharge system does not properly verify payments when a traveller credits their metro smart card at a station add-value machine. He claims that because there are no checks, a smart card can be tricked into thinking it was topped up even when the add-value machine says the purchase failed. In this case, a payment is marked as pending and then refunded, effectively allowing the person to ride the metro for free.

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

Previous News

B2C rooftop solar startup SolarSquare raised Rs 100 crore in Series A led by Elevation Capital

Next News

Instagram will soon allow a select group of creators to create and sell NFTs directly within the app

StartupNews.fyi is a leading global startup and technology media platform known for its end-to-end coverage of the startup ecosystem across India and key international markets. Launched with the vision of becoming a single gateway for founders, investors, and ecosystem enablers, StartupNews.fyi has grown steadily over the years by publishing tens of thousands of verified news stories, insights, and ecosystem updates, reaching millions of startup enthusiasts every month through its digital platforms and communities.

More like this

Popular

Upcoming Events