CCC Mods Rent-a-Bike To Allow Free Rides

Autoversicherung writes "Germany has an activated by phone bike rental system across all major cities. At 6 cent a minute quite pricey, germanys famous Chaos Computer Club thought a free ride every now and then couldnt hurt. Optimizing the original system in the process, modifying the blink code to be easier found and changing the logo. About 10% of Berlins bikes are patched already. A detailed description of how they did it, and how the system works."

I'm impressed.

[kngthdn]

Their website [callabike.de] explains...To return your bike, take it to the nearest major crossing within the core area and lock it to a fixed object, e.g., a traffic sign or a bicycle stand but not, please, on a traffic light.

This would not work in America.

All very fun and all...

[Alwin Henseler]

But isn't mucking around with other people's property, without their permission, called "vandalism" ?

"We don't know what we are doing, but we are doing it very carefully..." -Wherry

Price

[HFShadow]

6c a minute sounds pricey, until you realize it's $3.60 an hour, which doesn't sound so bad.

What's the upside?

[Anonymous Coward]

If the system stops making money the bikes will be removed and the service will stop. Then who benefits? The price maybe high for the service but the option is to simply not use it. Just because the apples are over priced does that give you the right to steal them. Free market means you also have the right not to buy not to steal.

What a waste

[Anonymous Coward]

Why hack something that is for the common good, such as public, non-polluting transportation?

Re:Price

[kngthdn]

Until you realize it's a different currency, and it starts looking bad again. 3.60 euros is 4.81 dollars.

That's easily $50 or $60 a day! By then, you could have bought the bike.

Re:Price

[rasjani]

You do know that in germany the currency is not a dollar but euro.

For comparison, in finland there's also rent-a-bikes scattered all over the helsinki area. The "rent" takes 2 euro coin which you get back after you leave the big to appropriate place.

For even more comparision, the bus/metro/tram fares are 2 euros for 1 hour of traffic inside short distances, 3.4e for 1½ hours in long distances in capital area of finland (3 cities: Helsinki/Espoo/Vantaa)

Re:"like this effects us" -American Psycho

[MxReb0]

I also think the mods don't know exactly what "redundant" really means.
(I think this was the 3rd post)

Re:All very fun and all...

[Anonymous Coward]

It is a tort in commonwealth countries - technically a trespass to chattels. But you have to understand the law is normative, in the sense that it reflects social norms. See
http://www.smh.com.au/news/Icon/Squeeze-the-e ase/2 004/12/15/1102787132795.html

which notes that ripping DRM/usurping WiFi is more a psychological barrier in civil disobediance, that becomes an etiquette issue. Whilst not humerous from the companies point of view, I note that the perpetrators of this hack were in fact very careful of their understanding of property rights, they didn't want parked bikes stolen or disincentives not to care for the bike. the 10% modifications can thus be thought of as a social levy, those will the skill and need should be able to crib a bike as needed but the general respect (as noted by their praise of the design) means it probably won't go too far. If I was a judge, I'd probably slap them with a community service of ... oh ... say figuring out some way for homeless vagrants to move around the city to look for jobs :-).

-- LegalEaglet

News for thief, stuff that angers ?

[aepervius]

Hey, sorry but it sounds to me that they are using a hole in a digital system to allow free usage of the PHYSICAL property of somebody else. I will leave to IP philosophe whether to copy IP is stealing or not, but to use somebody else property because the lock is not strong enough is obvious STEALING and VANDALISM. How about going into somebody else flat, eating their food, sleeping in their bed, because their digital alarm system with door code can be easily hacked with the maintenance password ? What on slashdot next ? How to steal a car by bypassing ignition key system ???

Re:All very fun and all...

[Vo0k]

Only if it's destructive and pointless.
Nondestructive and pointless is "mucking around"
Nondestructive and with purpose is "hacking".
Destructive and with purpose is "defending homeland security"

German engineering

[Meetch]

I found it refreshing that although it was possible, quite a bit of work had to go into hacking the bikes in the first place. The only way to circumvent the system was to physically get inside it and reprogram the firmware. This is solid engineering IMHO.

Now, if they're really recalled over winter for a once-over, I wonder how much harder they will be to get into when the snow melts and they reappear? Will the Call-A-Bikes become more impenetrable, as Darwinian geek theory dictates they'll need for survival?

On the flip side, I must also applaud the hackers for not simply vandalising the bikes, but modifying them to return to service once the "free ride" was over. (Perhaps misguided) - theft all the same, but at least free of physical destruction.

Re:All very fun and all...

[EvilMidnightBomber]

But isn't mucking around with other people's property, without their permission, called "vandalism"? Isn't uttering the phrase "the code is unbreakable and we are really proud of it" called product suicide? >8)

Re:What a waste

[1u3hr]

It's a "mod" if you do it to YOUR OWN PROPERTY, not if you steal and break into other people's.

First they stole a bike (one that wasn't locked properly), dismantled it to reverse engineer the mechanism, (in the process depriving the owners of several months' rent the bike might have earned) then went around and opened up over 100 other bikes to reprogram them with their backdoor, and justified this by saying that they thought the work they'd done was worth the cost of several bikes.

Would this get the same "cool hack", "fun" kind of rating if they'd done it to a similar scheme with cars? Somehow stealing bikes isn't really stealing; I've noticed this in movies where the hero appropriates a parked bike when in a hurry, dumping it on the street when he arrives without a second thought. Cyclists' blood boils when this kind of thing is done to their property; again if you tried it with cars you could easily be killed, and the owner would get a slap on the wrist.

bad dog, no biscuit

[fuck_this_shit]

The problem I have with that is that with how often bikes are stolen, vandalised and the initial cost of purchasing them the 6cent per minute might seem costly but appears to be closer to just covering the costs of the service. This is no Robin Hood Hackjob to have those bikes available for free, it's just a way of inching the concept closer to being abandoned by the company. And with by now 10% hacked and this ongoing without publicity for a while they can't honestly claim that it's just for pointing out a security flaw in the system.

Re:bad dog, no biscuit

[Cederic]

Thing is, if you leave aside the moral implications of their hack, it's still a very fine piece of hacking.

Add in that almost nobody will know the entry code for a free ride, that 9 out of 10 bikes are untouched, the main cost to the 'victim' is the cost of reflashing the hacked bikes. And that wont take too long.

I'm not saying I support this precise piece of hacking, but I do love that people are still getting up to this sort of thing. It's a healthy thing for society.

~Cederic

Re:What bullshit

[AndyL]

" So if I park my own bike somewhere, I'm trying to convert this piece of city into my own private parking space?"
I agree with your point, but your analogy is silly unless you own 1700 bikes. You're expected to park your own personal bike by chaining it to the nearest lamppost.

"If this is morally defensible is your own call."
It's easy for me to say because I don't own the bikes, but it's worth noticing that they went to lengths to make sure the bikes were still usable. (Compared to all the other vandalism these bikes have apparently suffered.)
Also, notice that they didn't give out their magic code on the Internet.

It's obvious that these people are just doing this for fun, not out of a strong desire for financial gain. Heck, for all the man-hours that went into this project, they could have worked at a minimum wage job and then purchased a bicycle.

Re:What bullshit

[bit01]

The 'witte fietsen' plan was dumb, like most of the stuff hippies thought up.

About as dumb as the average dotcom business plan, like much of the stuff thought up by the typical business fanatic.

Some people will not have respect for something they receive for free. If they can break it without consequences, they will.

A statistically small fraction of poorly socialised people, generally children, will vandalise the system. Depending on the resulting costs (as compared a so-called free market approach with costs in advertising and competitive duplication, or monopoly rent) this approach may or may not be a good idea. Judging by other posts here it is a good idea in smaller towns.

---

Commercial software bigots - a dying breed.

Re:News for thief, stuff that angers ?

[Anonymous Coward]

Not correct. They found no hole and no backdoor. They rewrote the software with a backdoor and installt their own version. This is not fixing, it is unfixing. How would you fell about someone installing Windows on your BSD machine????

Re:What is it called when

[WIAKywbfatw]

The "someone" in this case is the city or some such municipal body, so they own the streets, so what they do with them is their business, so all your talk of "private retail space without paying anything for it" is just a complete red herring.

Regardless of that, a weak lock isn't an excuse to commit what's clearly a crime, taking something that's not yours to take without paying the proper price for it. A weak front door lock doesn't give you the right to enter someone's house, watch their TV and take a nap in their bed and a weak lock on a bike doesn't give you the right to treat it as if its your own property either.

quote from a German friend

[dash2]

"Inside every British person, there is a little monarchist. Inside every German, there is a little anarchist."

Re:News for thief, stuff that angers ?

[putaro]

They definitely did damage - they reflashed the ROM with their code. This allowed them to use the bikes without paying for them. They stole a bike off the street and kept it for several months - this counts as theft in my book.

By their account, they modified approximately 170 of the bikes in Berlin. According to them it took about 12 minutes to hack 2 bikes - we'll assume that it only takes a tech 12 minutes to undo it which comes up with 17 hours of work just flashing the bikes back, not to mention the time that it takes to find all of the modified bikes. What if they broke any of the electronics while they were doing this? Do you think they left a little "Oops" note with an envelope and some cash - HAH!

Re:What a cool hack!! Until..

[Anonymous Coward]

Hacking for fun, yeah sure. But doing what could ultimately cause the demise of this whole concept.. thats just Wrong.

To be honest, I don't think the proprietor lost any money at all to these "hacks", as long as the same ring of people that did the hacks were the only ones that knew about the secret back-door.

Why? Notice that aside from the first bike that was, well, temporarily stolen, they probably actually RENTED (=paid money) the other 170 bikes (10% of all the cycles in Berlin) in order to install the back-door. At 6cents per minute, I'd say they probably rented each cycle atleast 10 minutes a piece, which would be 60cents x 170 cycles = 102euros. I have a hunch that the benefits they got from being able to just ride around the bicycle for free since they installed the hacks, was about the same or a bit less than the 102euros. But they got the benefit of getting kicks out of the idea, I'm sure.

It's vandalism. It's probably wrong. The ethics are slightly questionable. But it's not serious damage, really, and releasing the story isn't gonna allow a bunch of script kiddies to go out and crack the bicycles. You need to be pretty good to pull this one off. The Intellectual Property bit was not set, but it STILL took them some very impressive reverse engineering skills to figure the original program out. I'd like to see how many people here moaning (my guess is less than 1%) would be able to figure out, from the assembly code, how the original rent codes and lock cycles were coded.

All in all, it's pretty cool, really. Chill out, it's a harmless prank.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Would this fly in any other countries?

[Anonymous Coward]

I'm willing to bet that even the "failed" the program was much more successful than most people realize since those "stolen" bikes are probably still providing transportation for people who can't afford much else. One has to adopt a mindset of abundance when evaluating programs like this. If you are stuck on "are people sharing" etc. the program will always be judged a failure as we do not live in a gift economy. "Are some of those bikes useful?" and "Do some people who could not previously afford transportation have it now?" (presumably) state the objectives much better. Unless of course the objective was to provide convenient transportation to a relatively affluent few in which case the program was doomed from the start.

It does sound like a relatively small number of overpriced (for the job) bikes were provided. In my city I can buy a hot mountain bike for $15 so why would I pay anything close for a stolen one-speed POS? If someone can only afford $5 for transportation, maybe they are just a good candidate for a free bike.

Actually...

[morzel]

No, since the hacker set/blow the security bit/fuse one can't flash the proms any more.

AFAIK, setting the "IP" bit on the controller prohibits reading out the current contents of the flash via the ISP port, but it does not prohibit flashing new firmware into the chip (with or without the IP flag raised).

So, other than a firmware update (which I suspect may have to happen to all bikes regularly anyhow), those hackers haven't done any physical damage that can't be easily undone.

Arguably, they have caused revenue loss for the DB from the bikes that were used for free, but since there is no description on how the backdoor works or how it is advertised, I would assume that only a select group of people knows of this.
In the article itself they made some "ethical" decisions (i.e.: not able to grab a currently rented bike, not able to park a freebie without giving a regular customer the chance to phone it in), which indicates that they want to preserve the utility value for regular customers as much as possible.

All in all:
Is this legal ? No siree, definitely not...
Did the hackers do it to get free bikes, or just for the challenge of it? My guess would be the latter.
Is this a nice hack in the spirit of the hackers of the old days? Definitely: this hack required a lot of skill and creativity, for that they deserve some respect.

Call it what it is - Thievery

[schmaltz]

Perhaps some philosopher could conclude that I've really just abandoned the bikes, and rather than hacking 10% of them, CCC might have done better to hack 100%.

Ah, so without having to think about whether you're stealing from a fellow citizen, you blame it on an unspecified, undefined "philosophy". Ridiculous.

You can't compare the taking you're doing with the Dutch bicycles, because those were intended to be free - here, you're just committing robbery from your neighbor. Everybody leaves bikes locked to public property, everywhere. You just aren't willing to admit that you like being a thief, and only because your victim doesn't get to see or catch you. Because if you did, you'd start stealing from little old ladies, and you'd probably like it too. You have no shame.

Saying that bikes locked to public property are abandoned is absurd - when you park a car on a public street, and lock the doors, you must be abondoning that fine set of wheels [www.inet.hr], I guess, right? Let me know where you live, and I will come rid the street of your trash!

For the record, Witte Fietsen didn't work because nobody wanted to take responsibility for fixing or replacing broken parts, plus people like you stole the bicycles and painted them other colors.

Re:NOTICE FROM THE ADMINISTRATOR

[iammrjvo]

These people's "ethics" are laughable.

We decided that it shouldn't be possible to 'steal' parked (locked but not returned) bikes from paying customers with the backdoor code. This required a few more lines of code. We also ascertained that with the backdoor code it's not possible to park a bike, because the user knowing the backdoor wouldn't pay anything and would therefore not be motivated to take care of the bike (for example not locking it properly), thus preventing paying customers to rent the bike. To differentiate a HackABike from its untreated fellow bikes even from afar, we taught it a different blinking sequence and removed a sticker on the lock box.

So stealing for individuals is wrong, but stealing from a big, bad company is okay? This is a great example of moral relativism.

why?

[Quixote]

Here's why they did it:

There are of course other people, which have, for sportive reasons, tried to test the robustness of the hardware or the electronic principle of the built-in microchips and processors. They tried their luck with screwdrivers and usual ordinary allen-wrenches. they even tried to use a crowbar, a sledge hammer or a motor angle grinder. or totally smart: with a laptop and some decrypting-tools, as well as some trick questions to the maintainance staff. but without luck!". again reth is smiling, who once took the first trip on a green puky-bike and looks at himself no more as a postmodern urbanite than as bicycle freak. he smiles and says: "this technology makes us to the premier station-independant city-bike-sytem. the code is unbreakable and we are really proud of"

The designer of the lock says, "it can't be broken". This is like waving a red flag (or two) before a bull. Of course, now someone has to actually break it to prove a point.

Call it vandalism, call it theft, call it whatever you want. Basically, the "hackers" were responding to the challenge.

Please, lets not split hairs here. It'll leave us all bald.

Re:pedal

[nsayer]

I'll see your technically and raise you

That turn of phrase is quite erroneous. When playing poker, your first declaration or action stands and you cannot then alter it. Attempting to do so is called "string betting." The instant you said "see," that implied a call. At that point, a raise in the same action is not allowed. You will never hear that phrase at a poker table without two things happening: the speaker will be instantly recognized as a greenhorn, and the dealer will disallow the raise.

As for the spelling of "mis-spelt", asking google is a lousy way to go. Dictionary.com says "misspelled," or optionally "misspelt". I've always used the former.

As to the question of whether the great-grandparent misspelled or not, I guess you say poe-TAY-toh and I say poe-TAH-toh.

Re:What is it called when

[mumblestheclown]

I am not the original poster, but, yes, I am.

Don't act shocked. There is a world beyond slashdot, you know.

Re:What bullshit

[mumblestheclown]

Somebody who valdalizes "for fun" should receive a stronger sentence than somebody who actually needs the damn bicycle.

Computer guys prove yet again that shortsighted and selfish thinking is not exclusive to lawyers and MBAs.

Re:bad dog, no biscuit

[Binestar]

How about I take 1/10th of your paycheck every week, no big deal right? You may call yourself "`victim'" in that case, eh? Idiot.

While I agree this is theft of service and morally wrong, you are incorrect in your assessment that it's taking 1/10 of the companie's paycheck for this service.

#1: The bikes still functioned the same for regular riders, they could call up and get the information to rent the bike.

#2: There is no way that all of the people riding the modified bikes did so by using the hack. Only the people in the CCC know the code to do so.

Re:Hackers aint't crackers, eh?

[swillden]

Crackers are a subset of hackers.

No, because some crackers are script kiddies, not hackers. I think it's likely that *most* crackers are not hackers.

There are two sets of people: hackers and crackers, and the sets have a non-empty intersection.

The people who did this appear to members of both sets, as well as fairly responsible people. They did take a bike out of service for a few months, but they appear to have put all of the bikes back, and taken care not to disturb the system. Other than to enable a very small group of people to get occasional free rides on a small percentage of the bikes.

Not to say that I'd encourage this sort of thing, but it really falls more into the category of a mostly-harmless prank, rather than real vandalism. It's entirely possible that Die Bahn even makes money off of it, since free riders who can't find a hack-a-bike will probably end up taking a call-a-bike quite frequently. If they didn't get the free rides they might have chosen to just ride their own bike. And Die Bahn certainly got some free penetration testing.

Probably the worst part of this story is that its publication may motivate other less-skilled and less-responsible people to try their own hand at hacking bikes, which will result in broken bikes and costly vandalism.

Re:Call it what it is - Thievery

[schmaltz]

Yeah- no. You cleverly avoid calling it "stealing" by saying Woz was "calling for free." Free in both cases means stealing.

Hackery doesn't include fucking over people for the heck of it.

Re:Free to use bikes in Helsinki

[Scratch-O-Matic]

I hate to sound the old familiar gripe, but I don't think that your free bike program would work here in the U.S. It would take about 38 minutes for someone to fall and hurt themselves on a free bike, then sue the city.