The MBTA acknowledged in court yesterday that its CharlieTicket system is vulnerable to fraud, validating a key finding of three MIT students who drew attention to the security problems as part of a class project.
The admission came during a hearing at which a federal judge lifted a 10-day order barring the students from talking about their findings and denied the MBTA’s request to keep them silent about the most sensitive parts of their research for five months.
[...] “I hope it gives people comfort that they can do security research . . . without fear that they’re going to be dragged into federal court and gagged,” said Cindy Cohn, legal director for the Electronic Frontier Foundation, which is representing the students.