When it was announced that the Nexus S would have a built-in NFC radio, I immediately started thinking about the potential of using cell phones with RFID public transit fare systems. The day the Gingerbread source code was released, I picked up a Nexus S and began working on a proof-of-concept application that can read data from transit cards. Though a vacation got in the way, today I’m happy to announce FareBot!
Currently FareBot can parse and display balance and trip history information from Seattle’s ORCA card, and can dump raw data from any other MIFARE DESFire card including San Francisco’s Clipper card. FareBot is open-source and designed to be flexible so that hopefully other developers will add support for other types of cards.
When demonstrating FareBot, many people are surprised to learn that much of the data on their ORCA card is not encrypted or protected. This fact is published by ORCA, but is not commonly known and may be of concern to some people who would rather not broadcast where they’ve been to anyone who can brush against the outside of their wallet. Transit agencies across the board should do a better job explaining to riders how the cards work and what the privacy implications are.
Another common question is if it’s possible to modify data on a card for free rides. As a big supporter of public transit, facilitating fare evasion is absolutely not something I am interested in. This is an especially touchy subject as transit agencies across the country face large budget gaps due to the economic recession, some of which have been forced to cut back service people have come to depend on.
That said, the security of some older fare cards has been compromised possibly allowing someone to alter their balance, though I am unaware of any attacks against DESFire. In general, it’s very important that these systems do not rely on security through obscurity and I believe the more people who learn about how these systems work, through FareBot or other projects, the better.
With budget gaps or not, new technology should be seen as new opportunity to encourage ridership by making transit easier and more convenient. Despite problems during the initial rollout, I think ORCA has already accomplished this in Seattle by eliminating the need for casual (non-pass) riders to deal with change, making the bus an easy choice for quick trips. As a visitor to San Francisco and the valley, Clipper (formerly Translink) saved me from what would have otherwise been a nightmare of juggling BART, Muni, and Caltrain tickets.
Because many of these systems are new, there is often a limited number of places to buy a card and/or add value, especially outside the city center. This presents a great opportunity for NFC-equipped smart phones which, in addition to being able to read cards, also have the capability to emulate a card. No matter how far to the edge of an agency’s service area you are, it should be possible to download the ORCA or Clipper app and hop the next bus, streetcar, train, or boat. Apps could link with existing payment infrastructure such as Google Checkout for quick payments without additional setup, and for international travelers looking to get around, apps could support multiple languages and automatic currency conversion.
Typically there is a tradeoff between a transit fare system’s level of security and the cost of a card, as the cards with better security are more expensive. Smart phones on the other hand already have the capability to do real cryptography, so there’s potential to build a much more secure system while not requiring substantial changes to existing reader infrastructure.
FareBot itself may not appear very useful, but I hope it will seen as a demonstration of what’s possible for the future as NFC becomes pervasive. It can be downloaded now from the Android Market, just keep in mind that the current version is not at all complete. If you’re a developer and interested in exploring what’s stored on cards around the world, I hope you’ll check out the source code and contribute. For everyone else - never worry about if you have enough bus fare again!
|FareBot Website||FareBot Source Code|