Printed from www.pcpro.co.uk
Oyster hacked by open-source tool
Posted on 29 Oct 2008 at 14:29
A new open-source tool called Crapto1 could allow hackers free travel on the London Underground, by decrypting communication data between RFID chips and readers.
The Oyster card system is based around the Mifare chip which uses an encryption algorithm called Crypto1. An attack against this algorithm was recently detailed in an academic paper from the University of Radboud in Holland, and it is this attack which Crapto1 implements.
"I'm not aware of any other public implementations at this time, I decided to write my own. This code implements the cryptography needed, to decrypt captured communications between crypto1 based tags and readers. And even recover the shared secret," says the project homepage on Google Code.
As well as powering the London Underground's ticket system, MIFARE is also used in a similar way on the Dutch public transport system, and in numerous office secure-entry systems.
The project, created by a programmer going by the pseudonym blapost, is currently hosted on Google Code, where it can be freely downloaded. The software allows the access code of a Mifare chip to be decoded within two seconds on a standard PC, opening the door for manipulation of data stored on the card, such as the remaining balance on an Oyster card.
This would allow hackers to gain free access to systems such as that used on the London Underground, as the researchers from Radboud University did earlier this year.
"There is no evidence of the widespread cloning of Oyster cards, the system has not been hacked and there is no risk to card holders' personal data as none is stored on the card," exmplains a Transport for London (TfL) spokesperson. "Recent problems with the Oyster system are completely unrelated to this and have nothing to do with hacking."
TfL has since terminated its contract with TranSys, the company that helped to develop the Oyster card system, although it denies that security is an issue, instead citing potential cost savings.
Author: Matthew Sparkes
advertisement
- Office 2010 Beta – 32-bit or 64-bit – The Choice is Clear
- Why Britain's watchdogs have fewer teeth than goldfish
- Tabbed documents: how to make Office 2010 great
- Outlook 2010 People Pane – does it spell death to Xobni
- Microsoft Outlook 2010 screenshots
- Co-Authoring in Word 2010 and SharePoint Foundation 2010
- Microsoft Outlook 2010 screenshots: Backstage view
- Flash 10.1: Developing for Desktop and Device
- Microsoft Office 2010 screenshots: Recover unsaved items
- Microsoft Word 2010 screenshots: Text Effects
- Getting to grips with Microsoft's IT Health Environment Scanner
- Virtualise your servers
- The changing face of travel gadgets
- Build your own distributed file system
- The bulletproof Dell that costs an arm and a leg
- Microsoft Office 2010 Technical Preview: Q&A
- Lawnmowers, the TyTN II and one odd insurance request
- There'll never be a bulletproof OS
- How far can we trust apps?
- Five nice touches in Outlook 2010
advertisement
