It appears a security flaw within Translink’s new Compass system can allow fraudsters to bypass gates and ride transit for free, reports CTV News, which was able to confirm the hack by trying it themselves.
The so called ‘hack’ allows users with an NFC-enabled smartphone (presumably Android in this case, since Apple’s NFC chip is limited to Apple Pay) to reset embedded chips within paper Compass tickets, therefore clearing how much time a rider has been using the system. The hack requires two free apps, which can reprogram Compass tickets via a smartphone with NFC.
Lloyd Bauer, the VP of the Compass Project at TransLink, told CTV News only a handful of people have exploited the flaw for free rides, and that it has the ability to detect, cancel tickets and charge fraudsters who attempt to ride for free, saying “It is something we’re aware of,” and “We are constantly monitoring for it.”
The new Compass Card system, implemented to prevent fare evasion, had a $171 million budget, but went over by an additional $23 million. The system costs Translink around $20 million annually to maintain and operate.
Burnaby Mayor Derek Corrigan reiterated the new system would not prevent fare evasion, saying “It was a ridiculous idea from the beginning, it preyed on people’s sense that everyone else is being ripped off, but this system is just as easy to rip off in a different way.”
Since December, Bauer has noted only 20 examples of this hack being used for free rides. Meanwhile, one source informed CTV News they use the method regularly.