ETH researchers thwart SBB application

ETH researchers thwart SBB application
ETH researchers thwart SBB application

Since the test carried out by ETH researchers, it is no longer possible to cheat the application of the SBB (archives).


Researchers from the Swiss Federal Institute of Technology Zurich (ETH Zurich) managed to fool the Easyride function of the SBB app and were able to travel by train for free. This flaw has since been corrected.

For this test, computer security researchers manipulated location data from a smartphone, the ETH Zurich explained in a press release on Wednesday. Such an operation certainly requires technical know-how, but these are skills that computer science students have from the bachelor level, the researchers emphasize.

The Easyride function allows travelers to log in via the SBB app when boarding a train and log out as soon as they get off. The application then determines, based on the smartphone’s location data, the journey taken and subsequently delivers the most appropriate ticket.

The researchers tested the smartphone they prepared during several journeys between Zurich and the capital of a neighboring canton. The fraud was not noticed during ticket checks on the train and the ‘cheaters’ were not subsequently contacted by the SBB. Instead, the company calculated the costs of small-scale false movements, for which no public transport was used.

Weak point corrected

‘This is completely fundamental: the location data of a smartphone can be manipulated and cannot be trusted,’ emphasizes researcher Michele Marazzi, who participated in the tests.

During the tests, the researchers always had a valid ticket with them. Using the Easyride function with manipulated location data is punishable.

The researchers informed the SBB of the flaw in their application. According to the railway company, such manipulations are now detected retrospectively and are the subject of a complaint. For security reasons, SBB does not communicate exactly how the check is carried out.





PREV Increase in butane gas prices from May 20
NEXT “We are a local hospital”