City bus firm’s app upgrade helps keep ticket fraud in check

[2020] Data experts are helping to boost the security of a ticketing app used by a leading UK public transport company.

Image
Photo of a young man in front of a computer screen
Much of the work was carried out by undergraduate researcher Jorge Sanz Maroto, a student on the MInf Informatics programme.

Robust software

They are working with the creators of Lothian Buses’ m-tickets system to make its software and the server systems that process and store data more robust.

Improving the app will stop people producing valid tickets without paying and reactivating expired ones.

The upgrade, involving University of Edinburgh cyber security experts, will also make it harder for hackers to access users’ personal data.

Technical solutions

Researchers identified parts of the app’s source code that were vulnerable to cyber-attacks and developed technical solutions in response.

Mobile tech firm Corethree, which created the system, is now developing a more secure version of the app, based on the experts’ recommendations.

Security blueprint

The researchers hope their insights can create a blueprint that will help improve the security of other travel apps.

Much of the work was carried out by undergraduate researcher Jorge Sanz Maroto, a student on the MInf Informatics programme.

Their findings have been accepted for publication at the Information Security Conference (ISC) 2020, and will be presented between 16 and 20 December.

Although smartphones have become pervasive and the Android/iOS ecosystems have matured, security vulnerabilities that can jeopardise revenue streams persist. This sets a positive example for other digital technology companies and emphasises the importance of building security into products and services from the initial design stages.

Dr Paul Patras, Lead Researcher
School of Informatics, University of Edinburgh

Related Links

Paul Patras's personal page

Study with us - UG degrees

Prospective postgraduates