Suica Simplified

You might think that JR East has installed Suica gates in every station but this is not the case: as of 2018 Suica is installed in roughly half of JR East’s 1667 stations. The reason is cost. Unmanned stations have simple Suica gate readers but apparently the cost of these is an obstacle. Fast local processing is one of the advantages of Suica but I suspect the dedicated network backbone costs for linking and syncing with JR East servers doesn’t come cheap.

JR East is fixing the cost problem by developing a new cloud based Suica gate reader that can easily be installed anywhere. The trade off is slightly slower speeds, perhaps, with the benefit of lower installation and maintenance costs. JR East said they expect to reach 100% Suica deployment with the new model and hope to sell it internationally.


Google Maps Peeing Again? Reverse Vishing attacks reported in Asia

Google Maps is reportedly experiencing another security problem somewhat similar to the 2015 Map Maker debacle that allowed spammers, hackers and other merry makers to directly edit and wreak havoc with map information. The peer reviewed Local Guides program was eventually implemented as a replacement to improve local map information. However the current Google Maps does allow anonymous users to “suggest an edit” such as local business telephone numbers and this appears to be a security weakness and attack vector.

The Daily, a web site for the Daily Sports, not exactly a tech blog, reports that ‘reverse vishing’, is a problem for Google Maps in India and is spreading in Asia. Voice phishing, also called vishing, is when fraudsters call potential victims, reverse vishing is when the potential victim calls a fake number from a fraudster. The article describes frausters editing business information in Google Maps and supplying fake business numbers for banks and other lucrative targets. People calling the fake business numbers are subject to identity theft.

The article doesn’t offer direct evidence or go into extensive detail, such as why Google currently allows anonymous edit suggestions or how suggestions are vetted, but apparently the issue is real and sounds plausible if edit suggestions are not rigorously checked. The article concludes that Google needs to tighten security so that important business information cannot be changed without proper verification. The only work around is confirming contact information directly on a business web site.

Update: added links, screenshots with edits for clarity

Hankyu Goes ICOCA

Hankyu Corporation announced in January they would sell ICOCA cards for commuter pass use starting March 1. The switchover is interesting on many levels. ICOCA is the JR West transit IC card and PiTaPa is the transit IC card for Kansai area private lines (Hankyu, Keihan, Hanshin, Kintetsu, etc.). They are both FeliCa cards, offer commuter passes and are compatible for transit use under the Japan Transit IC Mutual Use Association project specification.

There is one big difference: ICOCA is prepaid while PiTaPa is a postpaid credit card/transit card hybrid that can never really be mainstream because it has credit checks. ICOCA can be bought by anyone at a ticket machine. The Hankyu/Hanshin switchover to prepaid ICOCA for the masses follows the JR West arrangement that Kintetsu and Keihan already have in place. There is just one last little detail that JR West needs to work out however: get ICOCA on mobile digital wallet platforms like Apple Pay and Google Pay. Super Suica should take care of that in 2021.

Lost and Found

I was not familiar with Tile but after reading Twitter user Ken’s lost and found on a Japanese train story, I’m intrigued, though I do agree that the community aspect sounds a little hairy. A good read and it’s great that he found his passport and luggage.