Oyster hackers roam London for free
By Matthew Sparkes
Posted on 23 Jun 2008 at 11:05
Researchers have hacked an Oyster card to get a day's free travel on the London Underground.
The Dutch researchers from Radboud University used a laptop and an RFID reader to crack the algorithm used by the cards, enabling them to place credit back on a card and gain free access to the London Underground.
Speaking to PC Pro this morning, a Transport for London spokesperson claimed that the vulnerability would not work for long because the credit balance is stored both on the Oyster card and on a central database.
"Security is the key aspect of the Oyster system and Londoners can have confidence in the security of their Oyster card and personal data," claims a Transport for London spokesperson. "We run daily tests for clones of fraudulent cards and any found would be stopped within 24 hours of being discovered. Therefore the most anyone could gain from a rogue card is one day's travel."
However, the information held on the cards is only periodically synchronised to a central database, allowing the researchers a 24-hour period to use their card for free travel around the capital.
The software used by the group to achieve this will not be released, but details will be covered by a paper later this year.
The vulnerability could also theoretically affect much more than travel cards. The Oyster card system uses MIFARE chips from NXP Semiconductors, which are also used in keyless entry systems around the world. Half a billion of the RFID chips have been sold so far, along with five million readers.
"We are aware that the Dutch researchers have reverse engineered the algorithm and we are taking this issue very seriously," said a spokesperson from the company, speaking to the Times. "We've informed all of our system integrators and advised them to closely assess their systems. We're talking to the guys at Radboud University and have identified various countermeasures."