Today, the Massachusetts Bay Transportation Authority (MBTA) obtained a temporary restraining order on at least 3 MIT students who claim that they have found a security vulnerability in the Charlie Card system and can exploit it to get “free subway rides for life“.

The 10-day injunction, ordered by U.S. District Court Judge Douglas Woodlock, prohibited Zack Anderson, R.J. Ryan and Allessandro Chiesa from revealing what they claim are the vulnerabilities of the MBTA’s fare card.

The students claimed they had hacked the security features of the computerized “Charlie Card” and were scheduled to present their findings Sunday in Las Vegas at computer hacking conference.

The three students were initially going to present their findings at DEFCON 16, a conference in Las Vegas for the security and hacking community. Their presentation was supposedly titled “The Anatomy of a Subway Hack“.

Universal Hub has some more info, including the actual judge’s order in a PDF.

I’d love to hear or read about how this hack works.