00:00While bugs and glitches left commuters frustrated on launch day, a pair of computer science
00:08students found potentially more serious flaws.
00:11The particular vulnerabilities I found, I believe, probably would have happened from
00:17the date that the system was first up, so probably when user testing commenced.
00:25Sean Fulham found a person with the right skills could access other commuter's details,
00:30including names, addresses, phone numbers and some debit or credit card details.
00:36While Patrick Reid discovered flaws that could allow a person to trick the system into adding
00:41money to their account without being charged.
00:43I am under the impression that the government doesn't know what data has been accessed.
00:48The vulnerabilities were reported to the Australian Cyber Security Centre in early December and
00:54were inaccessible days later.
00:56In its written submission to the Inquiry, the government insists steps were taken to
01:01ensure the system's security, but it's far from the only criticism.
01:05The journey planner sent you on ludicrous journeys involving buses, taxis, three hour
01:10walks etc to get to your destination.
01:12The QR code was not simple, it still continues to not be simple, it is in fact cumbersome
01:17and complicated and incompetently implemented.
01:19The decision as to the implementation was taken ultimately by Transport Canberra but
01:25with the support of NEC in terms of making sure that we addressed that objective that
01:31they had which was to create options for people.
01:34Transport Canberra officials and the Minister are expected to face further questions about
01:39those decisions when public hearings continue tomorrow.
Comments