Researchers demonstrate flaws in card-based "contactless" ticketing systems
At last week's EUSecWest security conference in Amsterdam, security researchers demonstrated that Android handsets equipped with near-field communication (NFC) technology can be used by subway riders of the transit systems in New Jersey and San Francisco to endlessly stock up their fare cards 'for free.'
The demonstration was aimed at drawing attention to flaws in the card-based "contactless" ticketing systems that transit systems worldwide use as an easy way of processing fares.
The researchers, Corey Benninger and Max Sobell of Intrepidus Group, used their UltraReset application to demonstrate that tech-savvy subway riders can use the flaws in some ticketing systems to bag a permanent ticket, merely by using the Android app and an NFC-equipped handset.
According to the researchers' demonstration at the conference, the UltraReset app lets subway travelers read the balance of a fare card and then write the stored data back to the card, resetting the balance to give the travelers more 'free' rides.
Though the researchers noted that not all NFC-enabled transit tickets are vulnerable, they said in a blog post on the technical details of the hack: "We know a number of cities are looking to roll out contactless technology and hope we can bring light to this issue so that it is implemented correctly in the future."
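The read-and-write-back reset described above goes unnoticed when the card is the only record of its balance. The following is an added example, not code from the researchers or any transit operator, of one way a back end could flag such a reset. It assumes that gates report every tap to a central ledger and that each ride costs one unit; `Tap`, `find_rollbacks` and the sample events are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Tap:
    card_id: str          # card serial reported by the reader (constructed)
    kind: str             # "ride" = gate tap, "reload" = paid top-up
    rides_on_card: int    # ride count the reader found on the card before acting
    rides_added: int = 0  # only used for "reload"

def find_rollbacks(events):
    """Flag taps where a card holds more rides than the ledger expects.

    Returns a list of (event_index, card_id, expected, seen).
    """
    expected = {}  # card_id -> rides the back end believes remain
    alerts = []
    for i, ev in enumerate(events):
        known = expected.get(ev.card_id)
        if known is not None and ev.rides_on_card > known:
            # Balance went up with no recorded reload: card data was restored.
            alerts.append((i, ev.card_id, known, ev.rides_on_card))
        # Never let the card raise the baseline; the first sighting of a card
        # is trusted as-is (an assumption of this sketch).
        current = ev.rides_on_card if known is None else min(ev.rides_on_card, known)
        if ev.kind == "ride":
            current = max(current - 1, 0)
        elif ev.kind == "reload":
            current += ev.rides_added
        expected[ev.card_id] = current
    return alerts

# Constructed sample: card A is restored to an old snapshot at event 6.
SAMPLE_EVENTS = [
    Tap("A", "ride", 10),
    Tap("A", "ride", 9),
    Tap("B", "ride", 2),
    Tap("B", "reload", 1, rides_added=10),  # legitimate increase, not flagged
    Tap("B", "ride", 11),
    Tap("A", "ride", 8),
    Tap("A", "ride", 10),  # card shows 10, ledger expects 7
    Tap("A", "ride", 9),   # still above the ledger value, flagged again
]

if __name__ == "__main__":
    for idx, card, exp, seen in find_rollbacks(SAMPLE_EVENTS):
        print(f"event {idx}: card {card} shows {seen} rides, ledger expects {exp}")
```

Because the ledger keeps the lower of the two values, a restored card keeps triggering alerts on every later tap instead of resetting the baseline.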