Difference between revisions of "MOBIB"

From YobiWiki
Jump to navigation Jump to search
Line 18: Line 18:
   
 
==Security/Privacy==
 
==Security/Privacy==
 
* On the news:
* [http://www.liguedh.be/index.php?option=com_content&task=view&id=916&Itemid=280 La Ligue des Droits de l'Homme] s'en mêle... The Human Rights league comes into play...
 
  +
** 2010-07-06 [http://www.lalibre.be/actu/belgique/article/594246/mobib-intrusion-dans-la-vie-privee.html Mobib: intrusion dans la vie privée] (fr)
 
** 2010-06-30 [http://www.liguedh.be/index.php?option=com_content&task=view&id=916&Itemid=280 La Ligue des Droits de l'Homme] s'en mêle... (fr)
 
** 2010-01-13 [http://www.springcard.com/blog/2010/dont-trust-card-serial-number/ According to SpringCard], Atmel has released a 14443-B card where one can very easily program the UID (PUPI), demo with a Mobib.
 
** 2009-08-27 [http://www.lesoir.be/forum/cartes_blanches/2009-08-27/attend-ticket-metro-724709.shtml Carte blanche] (fr, in Le Soir) by François-Xavier Standaert & François Koeune about what should be expected from a metro ticket
 
*** The [http://www.dice.ucl.ac.be/~fstandae/PUBLIS/66.pdf full version] on UCL website
 
** 2009-01-16 [http://belsec.skynetblogs.be/post/6626991/flanders-will-also-make-a-mobib-card Flanders will also make a MOBIB card]
 
** 2009-01-09 [http://www.rue89.com/2009/01/09/comment-la-carte-navigo-belge-peut-jouer-les-indics La carte Navigo belge peut jouer les indics] (fr)
 
** 2009-01-09 [http://archives.lesoir.be/vie-privee-des-chercheurs-craquent-le-ticket_t-20090109-00L1RY.html Mobib : la carte trop curieuse] (fr, in Le Soir)
 
** 2009-01-09 [http://www.uclouvain.be/sites/security/mobib.html UCL] have shown anybody can read it, see your name, date of birth and details on last three payments. Some say the Navigo pass contains also details of the last three badgings.
 
* Privacy Commission, about the access STIB has on the National Registry in the context of the introduction of MOBIB & external suppliers<br>Objet : demande de la S.T.I.B. visant à obtenir l'extension des autorisations en sa possession (RN/MA/2007/056)<br>Betreft: aanvraag van de MIVB tot uitbreiding van de machtigingen waarover zij beschikt (RN/MA/2007/056)
 
* Privacy Commission, about the access STIB has on the National Registry in the context of the introduction of MOBIB & external suppliers<br>Objet : demande de la S.T.I.B. visant à obtenir l'extension des autorisations en sa possession (RN/MA/2007/056)<br>Betreft: aanvraag van de MIVB tot uitbreiding van de machtigingen waarover zij beschikt (RN/MA/2007/056)
 
** [http://www.privacycommission.be/fr/docs/RR-RN/2008/deliberation_RN_005_2008.pdf Délibération RN n° 05/2008 du 23 janvier 2008]
 
** [http://www.privacycommission.be/fr/docs/RR-RN/2008/deliberation_RN_005_2008.pdf Délibération RN n° 05/2008 du 23 janvier 2008]
 
** [http://www.privacycommission.be/nl/docs/RR-RN/2008/beraadslaging_RR_005_2008.pdf Beraadslaging RR nr. 05/2008 van 23 januari 2008]
 
** [http://www.privacycommission.be/nl/docs/RR-RN/2008/beraadslaging_RR_005_2008.pdf Beraadslaging RR nr. 05/2008 van 23 januari 2008]
* [http://www.uclouvain.be/sites/security/mobib.html UCL] have shown anybody can read it, see your name, date of birth and details on last three payments. Some say the Navigo pass contains also details of the last three badgings.
 
** On the news:
 
*** [http://www.rue89.com/2009/01/09/comment-la-carte-navigo-belge-peut-jouer-les-indics here] (fr)
 
*** [http://archives.lesoir.be/vie-privee-des-chercheurs-craquent-le-ticket_t-20090109-00L1RY.html?query=mobib&firstHit=0&by=10&sort=datedesc&when=-1&queryor=mobib&pos=0&all=26&nav=1 here] (fr)
 
 
* [http://belsec.skynetblogs.be/post/6626991/flanders-will-also-make-a-mobib-card Flanders will also make a MOBIB card]
 
* [http://www.lesoir.be/forum/cartes_blanches/2009-08-27/attend-ticket-metro-724709.shtml Carte blanche (in french)] in Le Soir (27/08/2009) by François-Xavier Standaert & François Koeune about what should be expected from a metro ticket
 
** The [http://www.dice.ucl.ac.be/~fstandae/PUBLIS/66.pdf full version] on UCL website
 
* [http://www.springcard.com/blog/2010/dont-trust-card-serial-number/ According to SpringCard], Atmel has released a 14443-B card where one can very easily program the UID (PUPI).
 
   
 
==Tools==
 
==Tools==

Revision as of 08:47, 6 July 2010

See also RFID

Technology

  • STIB site about MOBIB (MIVB)
  • ASK, the card manufacturer
  • Press releases
  • On wikipedia:
    • Calypso, see also here
    • MoBIB (fr)
    • Passe Navigo (fr) is not fully ISO14443-B compliant (Innovatron "standard", also referred as type B') so without proper reader it can be accessed only via contacts. Mobib readers cannot read Navigo pass, so no compatibility whatsoever with the anonymous Navigo card, sigh.

Security/Privacy

Tools

  • UCL software to read Mobib cards (mobib extractor) seems to not be available anymore
  • SpringCard offers a SDK with a Calypso explorer for Windows and its sources, find here the SDK PC/SC for Calypso. See also their blog post
  • An article from P. Gueulle describes a program in Basic to dump the memory content of a Calypso card
  • Cardpeek is a Linux tool to read the contents of ISO7816 smartcards. It features a GTK GUI to represent card data is a tree view, and is expandable with a scripting language (LUA). The tool currently reads the contents of: EMV cards, Navigo public transport cards, Moneo ePurse cards and the French health card "Vitale 2"
  • you may try Edouard Lafargue's tool
  • UCL researchers wrote a nice article (in French) in MISC Mag #48 on how to read a Navigo card, see pages 74-82