News
Oyster cards hacked by Dutch researchers
ZDNet UK
Questions have been raised about the security of chips in Oyster cards after Dutch researchers claimed to have successfully cracked and cloned cards and travelled on London Underground for free.
According to Dutch publication Webwereld, researchers from Radboud University cracked the Mifare RFID chip, from NXP, used in the Oyster card, travelled on the Tube and then restored the balance on the card. The researchers also claimed to have launched a successful denial-of-service attack against Tube entry gates, causing them to jam closed.
Radboud researcher Wouter Teepe presented evidence to the Dutch parliament on Wednesday, in which he outlined the research. Teepe declined to comment to CNET.co.uk's sister siste ZDNet.co.uk on Wednesday, directing us to a Radboud University spokesperson. The spokesperson also declined to comment, saying only that Transport for London (TfL) had been informed and that the university was preparing a scientific paper on the subject, due in October.
TfL said it runs daily tests for cloned cards and that anyone caught using such a card could be prosecuted.
"We run daily tests for cloned or fraudulent cards and any found would be stopped within 24 hours of being discovered," wrote a TfL spokesperson in an email to ZDNet.co.uk. "Therefore, the most anyone could gain from a rogue card is one day's travel. Security is the key aspect of the Oyster system and Londoners can have confidence in the security of their Oyster cards. Using a fraudulent card for free travel is subject to prosecution."
TfL insisted that Oyster cards have 'robust security' that operates "at different points in the system", and claimed that personal information could not be compromised through a Mifare card hack.
"Should one security measure be breached, another will protect Oyster cards and the system as a whole," wrote the spokesperson. "No personal information is stored on an Oyster card and specific information relating to the individual card holder (name, address, telephone, etc) is stored on a central database and kept separate from journey data."
Based on Fears for Oyster security as researchers claim crack on ZDNet UK
More about Software
- Obama in sex video shocker? Oh wait, it's just spam September 11, 2008
- No black holes from Large Hadron Collider, say scientists September 10, 2008
- Michael Moore to premiere film online September 05, 2008
- Images: Touring Google's Chrome browser September 05, 2008
- Extensions promised for Chrome September 04, 2008
5.7
7.5
- Cooliris for iPhone: Sexying up image search
- Chris Anderson's Free is first free audiobook on Spotify
- Facebook embarks on major privacy cleanup
- Firefox 3.5 benchmarked: Twice as fast as Firefox 3
- Best iPhone office apps
- Firefox 3.5 available for download
- Twitpic hackers tweet fake celeb deaths
- The Pirate Bay apparently sold for £4.6m
- Advanced iTunes: Smart Playlists and multiple libraries
- Pirate Bay judge 'not biased', High Court rules
- Microsoft mulls selling Windows 7 on thumb drives: Netbook owners relieved
- Windows 7 E: Your questions answered
- Twitter search sites: The best and the rest
- iPhone porn: Apple approves saucy app
- Windows 7 E pricing confirmed: Not cheap, even without Internet Explorer
