https://www.chicagotribune.com/business/transportation/ct-biz-cta-bus-system-lawsuit-bus-alerts-20191204-hk4aydeo2jah5icvfnj24a4e2a-story.html
By Mary Wisniewski
Chicago Tribune
December 4, 2019
A former CTA computer programmer has sued the agency, alleging that he was
forced to resign for pointing out a security flaw in the bus alert system.
Christopher George Pable, 34, of the Austin neighborhood, filed a whistleblower
complaint against the CTA and technology company Clever Devices Ltd., a CTA
contractor from Woodbury, New York, in federal court in Chicago this week.
Pable had worked on CTA’s information technology systems, including a Clever
Devices system called “BusTime” that broadcasts alerts about buses to the
public, the lawsuit says. BusTime provides estimated arrival times and alerts
to riders, such as when a bus has to be rerouted. Customers get alerts through
emails, on the CTA website or via electronic signs in stations.
Pable discovered a security flaw — or “skeleton key” — in BusTime that could
allow unauthorized access into the system, the lawsuit alleges. Pable told his
supervisor, Michael Haynes, who decided to test the skeleton key by issuing an
alert on the Regional Transit Authority for Dayton, Ohio, which also had
BusTime, the lawsuit alleges.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
