In a security-related story this morning published on usually reliable Ars Technica, it was suggested through photography that SmarTrip cards might be affected by the security vulnerability mentioned in the story. Several other cities’ transit cards are at stake, including San Francisco’s Clipper card. Given the similarities of the BART and Metrorail systems, it may have been a natural assumption that SmarTrip was also vulnerable to the hack, which would reveal the encryption key used to store all your trip and fare data on your card.
We contacted Metro this morning for comment, and Dan Stessel speaking for WMATA said, “This attack is against the Mifare DesFire which we do not use on SmarTrip.”
Of more concern would be the numerous buildings in the DC area that may use these cards as part of their security systems. HID systems, which handles many government facilities in the area, is said to have used these cards at many locations, as part of a push to comply with a Presidential Directive concerning security.