The Tech - Online EditionMIT's oldest and largest
newspaper & the first
newspaper published
on the web
Boston Weather: 62.0°F | Partly Cloudy

MIT Card Security Is 'Laughable'

By Jeremy Hylton
Technology Director

A few days ago the Department of Housing and Food Services instructed dormitory desks to stop accepting the MIT Card as collateral for items loaned by the desk.

The new policy was announced the day after Housing and Food Services Director Lawrence E. Maguire, along with several administrators, received a report describing several security risks of the MIT Card system.

The report, written by electrical engineering and computer science student Andr M. DeHon G, concludes that "the level of security provided by the card is laughable."

DeHon's report recommends several steps users of the card can take to minimize the risks they face, and suggests several changes the Institute could make to improve the security of the system.

One of DeHon's primary goals was educating users of the card. "Students educating themselves and each other is probably one of the biggest things they can do. If they understand the risks and the paths by which this can be abused, they can act more responsibly," he said.

Recommendations taken seriously

Housing and food services is taking the report seriously. "The recommendations in that report are excellent, and we are carefully looking into ways we can institute those recommendations," said John T. McNeill, associate director of food services.

But McNeill explained, "We were certainly aware of the faults that [DeHon] points out. I don't really know of a system that would be foolproof."

The report was also sent to administrators including Senior Vice President William R. Dickson '56, who supervises housing and food services, and Provost Mark S. Wrighton.

The report has prompted requests from other parts of the administration for a review of the MIT Card. Dean for Undergraduate Education and Student Affairs Arthur C. Smith asked Dickson to create a committee to oversee the card.

"I think the question of who is looking carefully at the level of security really needs to be addressed," Smith said. "It hasn't had the kind of attention it really deserves."

McNeill said he would be happy to talk to students if they had concerns about the card.

Maguire and Dickson could not be reached for comment.

Cards can be duplicated

The MIT Card serves several different purposes. Most dormitories are equipped with card readers that allow only residents to enter the building. Meal plans use the card, and students can get an auxiliary account for use at vending machines, Graphic Arts, and other services.

The magnetic strip on the card encodes information including the student's MIT ID number and six-character secret code that identifies the card as belonging to a particular student.

DeHon set out to debunk several myths about the MIT Card when he wrote his report. First on his list of myths was that the MIT Card is difficult to duplicate.

"Equipment to duplicate or synthesize MIT Cards can be readily obtained for less than $500 and requires no technical expertise to operate. The technically inclined can put together suitable equipment at a much lower cost," DeHon wrote.

To copy a card, the data on it must be read and stored until it can be written on a blank card - or an expired ATM card or a strip of magnetic tape on an index card. The data required to duplicate a card "can be captured accurately in seconds on a portable device that costs as little as $15," DeHon explained.

The data on a card could be stolen whenever a student surrenders possession of his card. It would also be possible to attach a clandestine reader to one of the wires running between a reader on a door or vending machine and the controller.

"We knew putting this together that the system is only as good as the people who have to use it," McNeill said. "We were aware that copying was a possibility, but really it's a felony to do that."

Even if a user reports that his card has been compromised, any new cards issued could be compromised. "Once your card has been read, your card - and all future cards which might be issued under the current encoding scheme - is compromised," DeHon wrote.

Recommendations for users

Because the MIT Card is used for financial transactions, it would be possible for someone to steal a student's card number and use it to make charges to that student's account.

Housing and food services would hold the student responsible for the bill unless the student had reported the card missing, McNeill said. "Once that card is encoded and given to you, you are responsible for that card," he said. "We have no choice but to hold you responsible."

But "if it is compromised in some way and it really seems to be legitimate, we could make exceptions," McNeill said.

DeHon made several recommendations to users of the MIT Card:

Avoid using the card in readers of questionable origin and in public vending machines.

Consider whether the convenience of a meal plan or auxiliary account is balanced by the security provided by the current system.

Never loan your card and do not give your card to someone else as collateral if you can avoid it.

DeHon's report, which discusses these recommendations in greater detail, is available on the World-Wide Web at http://www.ai.mit.edu/people/andre/mit_card/.

Recommendations for MIT

DeHon recommended that the Institute consider whether the card provides suitable security for the many new uses the card is being put to. "The notion of a one-card system was perhaps a bit misguided. When you put it all together in one place, when things have different requirements, you can't optimize them separately," DeHon said.

Using the card as a key and for financial transactions creates somewhat contradictory requirements, DeHon explained. A card key should not identify its owner, because that would make it easier for a thief to locate the doors opened by a stolen card. But a card used for purchases should clearly identify its owner, so that a thief would have a harder time pretending the card is his.

DeHon concluded that the current level of security is not appropriate for financial transactions and recommended that MIT discontinue auxiliary accounts, or at least always give students the opportunity to pay cash.

A different kind of card technology, such as using cards with PIN numbers like ATM cards, may be needed for financial transactions, DeHon said. He noted that the cost of installing a different system could be a problem.

"MIT has put a lot of money into this, but they're probably going to continue spending money on this. Is this going to serve our needs in the long term?" DeHon asked.

Smith also observed that the Institute should reconsider the many uses of the card. "I think this is one of those areas that has grown up rather rapidly, and it has broadened rather quickly, and I don't think it has had the overall oversight it needs," Smith said.

McNeill said one of the primary goals for the MIT Card was to have it satisfy all students' needs. "I feel if we go back to two cards, we are going to have a problem of a different kind and we'll get a lot of flack for that also," he said.

"We're going to take a look at any recommendations and sort out which would be the less evil," McNeill said.

DeHon made several other recommendations, including:

Change the way secret data is encoded on the cards so that a new secure card could be issued after a card has been compromised.

Provide students with un-marked cards for use in card key readers.

Allow students to use the card system to give their friends access to their dormitories.