Oyster card maker sues security researchers

 

Gallery

By Matthew Sparkes

Posted on 8 Jul 2008 at 12:45

The company which manufactures the chips used in London's Oyster card system is suing the researchers who cracked it to stop them publishing details.

Last month it emerged that researchers from Radboud University in Holland had hacked an Oyster card, enabling them to get a day's free travel on the London Underground.

The team plans to present details of how this was achieved at a computer security conference in October.

However, NXP, the company that produces the MIFARE chips used in Oyster cards, is reportedly now suing the researchers in an attempt to prevent them from disclosing details of the vulnerability.

"We are aware that the Dutch researchers have reverse engineered the algorithm and we are taking this issue very seriously," said an NXP spokesperson at the time of the researchers' first announcement, speaking to the Times.

"We've informed all of our system integrators and advised them to closely assess their systems. We're talking to the guys at Radboud University and have identified various counter-measures," continued the statement.

A spokesperson for Transport for London assured PC Pro at the time that the vulnerability would not provide unlimited free travel - but was not able to explain what measures would prevent a repeat of the researchers' experiment.

NXP was unavailable for comment at the time of writing.