Global Transportation Mobile Ticketing Service Compromised

I’m a mobile security researcher, white hat hacker, and I enjoy long sits on the train. A little over a year ago I began contacting relevant authorities to report a vulnerability that made it possible to generate infinite valid/functional tickets for a mobile ticketing platform used by numerous major transportation systems throughout the world. I've spent the last year waiting for the issue to be resolved. A couple of months ago I made a final attempt to get through. I emailed the developer to inform them that I was getting ready to publish this. Today I’m fully disclosing a PoC demonstration along with some brief documentation of this exploit.

Read the full article on Medium

JB