Contactless fare cards in the New Jersey and San Francisco transit systems can be manipulated using an Android application, enabling travelers to reset their card balance and travel for free, researchers demonstrated on Thursday during the EUSecWest security conference in Amsterdam.
An NFC (near field communication) Android smartphone can read the data from a fare card with, for instance 10 rides on it, using the "UltraReset" application, said Corey Benninger and Max Sobell, security researchers at the Intrepidus Group and the application's developers. When travelers have used up their balance they are able to write the stored data back to the card using the same app, resetting the balance to 10 rides, the researchers said.

The link for this article located at Network World is no longer available.