Baselland Transport – U-Abo App

Mobile Ticketing Cyber Risk Assessment

Mobile ticketing apps are handy and popular, but they also carry risks. Baselland Transport AG is aware of these dangers and has therefore asked our cyber security experts to conduct a risk assessment of its U-Abo application.

With the U-Abo app, customers of BLT and BVB (Basler Verkehrs-Betriebe) can buy a new monthly or annual travel card at any time. However, as with every e-ticket system, buying these e-tickets via the mobile app (iOS and Android) carries some risks, such as the theft of personal data, the misuse of valid e-tickets or the forgery of e-tickets. To minimize these risks, BLT mandated AdNovum to carry out an extensive cyber risk assessment. AdNovum's cyber security experts therefore analyzed the security architecture, the security principles applied and the operational processes. In addition, they prepared a list of priority measures to minimize the risks identified. The specific measures were then implemented by BLT and its suppliers.

 

Details of the mandate:

  • Determination of the assets/values within the system
  • Definition of protection targets per asset
  • Identification and evaluation of threat scenarios
    • Evaluation of the security features used in the mobile app (iOS and Android)
    • Verification of the information flow to several back ends, which are operated by different service providers
    • Evaluation of operational processes, such as access to application servers or databases
  • Definition of a list of priority measures to minimize the risks identified