City bus firm’s app upgrade helps keep ticket fraud in check

Data experts from the University of Edinburgh are helping to boost the security of a ticketing app used by a leading UK public transport company.

They are working with the creators of Lothian Buses’ m-tickets system to make its software and the server systems that process and store data more robust.

Improving the app will stop people producing valid tickets without paying and reactivating expired ones.

The upgrade, involving University of Edinburgh cyber security experts, will also make it harder for hackers to access users’ personal data.

Researchers identified parts of the app’s source code that were vulnerable to cyber-attacks and developed technical solutions in response.

Mobile tech firm Corethree, which created the system, is now developing a more secure version of the app, based on the experts’ recommendations.

The researchers hope their insights can create a blueprint that will help improve the security of other travel apps.

Much of the work was carried out by undergraduate researcher Jorge Sanz Maroto, a student on the MInf Informatics programme.

Their findings have been accepted for publication at the Information Security Conference (ISC) 2020, and will be presented between 16 and 20 December.

Lead researcher Dr Paul Patras, of the University of Edinburgh’s School of Informatics, said: “Although smartphones have become pervasive and the Android/iOS ecosystems have matured, security vulnerabilities that can jeopardise revenue streams persist.

“This sets a positive example for other digital technology companies and emphasises the importance of building security into products and services from the initial design stages.”