A security researcher has recently uncovered a serious privacy issue in New York City's Metropolitan Transportation Authority (MTA) subway system, AppleInsider tells us in a report.
This vulnerability jeopardizes not only the MTA's tracking system but also the security of Apple Pay transactions.
Joseph Cox of 404media stumbled upon this alarming flaw during his investigation, highlighting the potential risks it poses to user privacy and data security.
A Closer Look
Cox's discovery unfolded when he managed to track a traveler's movements using their credit card details through an MTA website feature that provides access to trip histories.
Astonishingly, this access did not require any robust verification, leaving the system wide open to abuse. This revelation raises concerns about the privacy and security of travelers who use the subway system and rely on such features for their convenience.
The vulnerability becomes even more concerning as Cox points out that similar tracking might be possible when using Apple Pay, a technology known for its robust security measures.
This revelation has implications beyond the confines of the MTA subway system and underscores the potential fragility of Apple's security measures.
Apple Pay's Questionable Security
Apple Pay has been lauded for its enhanced security features, such as the use of one-time verification codes that replace the need to transmit credit card information during transactions.
However, Cox's findings cast a shadow of doubt on Apple Pay's security claims. If Cox's observations are accurate, it could mean that Apple Pay is not as impervious to tracking and potential misuse as previously believed.
Read Also: Apple iOS 17 Beta 8 Explained: Here's What to Expect From the Developer Version
MTA's Response, Concerns
In response to Cox's findings, the MTA emphasized its commitment to customer privacy but failed to address the inherent weaknesses in its system.
The ability to access a traveler's entire route history with just the point of entry information is a major oversight, opening the door for stalkers and criminals to gather sensitive information. The lack of authentication for accessing trip histories is a glaring gap that leaves users vulnerable.
Eva Galperin, Director of Cybersecurity at the Electronic Frontier Foundation, highlighted the issue's impact on vulnerable individuals. Abusers or those with physical access to victims' wallets could exploit this flaw, as credit card information is not a unique identifier.
Potential Fixes and Privacy Concerns
Experts say one possible solution to enhance security would be to introduce a PIN or password requirement for accessing trip histories.
However, the MTA has not taken decisive action in this direction, leaving users exposed. 404 Media tells us that activists have long been concerned about the potential misuse of data collected by the MTA's system and its implications for user privacy and surveillance.
The broader context of this issue extends beyond the MTA's flawed tracking system. With Apple Pay being potentially compromised, questions arise about the security of digital payment systems in general and the measures they take to safeguard user data.
Stay posted here at Tech Times.
Related Article: Apple Plans to End Social Media Customer Support via X, YouTube
