It doesn't take much of a security expert to warn you that the system is insecure when you're implementing something which trusts the card (not a central database), and the protocol is proprietary and uses weak encryption (mifare is 48-bit or so?).
Implementing a system which trusts the card is just asking for trouble, certainly considering the amount of horepower your average commuters are carying around in their pockets nowadays.
Assume you dupe your friends card, then both go through the turn style -- wont the system error as the system will say that the second read is either "tagged for exit" or maybe it will read it as a 90-minute transfer read?
If you get stopped by the transit police, assuming you got through the turn style, you'd have to have a valid ticket/clipper on you, no?
Many RFID cards are basically tiny computers with each with a proprietary command protocol, so you can't read everything generically. MIFARE DESFire cards (ORCA, Clipper, newer Oyster) for example have a command protocol and basic filesystem. FareBot asks the card for a list of all its files and dumps them out one by one.
I do believe there's a standard way to read NDEF data (used to store URIs, etc.) from different types of cards but haven't looked into this much yet. I think this is what the "Tag" app that comes with the Nexus S does.
The name of the presentation is Hacking the RKF ticket system, it can be found at the bottom of the page.
