Oyster cards hacked by Dutch researchers
Questions have been raised about the security of chips in Oyster cards after Dutch researchers claimed to have successfully cracked and cloned cards and travelled on London Underground for free.
According to Dutch publication Webwereld, researchers from Radboud University cracked the Mifare RFID chip, from NXP, used in the Oyster card, travelled on the Tube and then restored the balance on the card. The researchers also claimed to have launched a successful denial-of-service attack against Tube entry gates, causing them to jam closed.
Radboud researcher Wouter Teepe presented evidence to the Dutch parliament on Wednesday, in which he outlined the research. Teepe declined to comment to CNET.co.uk's sister site ZDNet.co.uk on Wednesday, directing us to a Radboud University spokesperson. The spokesperson also declined to comment, saying only that Transport for London (TfL) had been informed and that the university was preparing a scientific paper on the subject, due in October.
TfL said it runs daily tests for cloned cards and that anyone caught using such a card could be prosecuted.
"We run daily tests for cloned or fraudulent cards and any found would be stopped within 24 hours of being discovered," wrote a TfL spokesperson in an email to ZDNet.co.uk. "Therefore, the most anyone could gain from a rogue card is one day's travel. Security is the key aspect of the Oyster system and Londoners can have confidence in the security of their Oyster cards. Using a fraudulent card for free travel is subject to prosecution."
TfL insisted that Oyster cards have "robust security" that operates "at different points in the system", and claimed that personal information could not be compromised through a Mifare card hack.
"Should one security measure be breached, another will protect Oyster cards and the system as a whole," wrote the spokesperson. "No personal information is stored on an Oyster card and specific information relating to the individual card holder (name, address, telephone, etc) is stored on a central database and kept separate from journey data."
Based on Fears for Oyster security as researchers claim crack on ZDNet UK



