News
Oyster cards hacked by Dutch researchers
ZDNet UK
Questions have been raised about the security of chips in Oyster cards after Dutch researchers claimed to have successfully cracked and cloned cards and travelled on London Underground for free.
According to Dutch publication Webwereld, researchers from Radboud University cracked the Mifare RFID chip, from NXP, used in the Oyster card, travelled on the Tube and then restored the balance on the card. The researchers also claimed to have launched a successful denial-of-service attack against Tube entry gates, causing them to jam closed.
Radboud researcher Wouter Teepe presented evidence to the Dutch parliament on Wednesday, in which he outlined the research. Teepe declined to comment to CNET.co.uk's sister siste ZDNet.co.uk on Wednesday, directing us to a Radboud University spokesperson. The spokesperson also declined to comment, saying only that Transport for London (TfL) had been informed and that the university was preparing a scientific paper on the subject, due in October.
TfL said it runs daily tests for cloned cards and that anyone caught using such a card could be prosecuted.
"We run daily tests for cloned or fraudulent cards and any found would be stopped within 24 hours of being discovered," wrote a TfL spokesperson in an email to ZDNet.co.uk. "Therefore, the most anyone could gain from a rogue card is one day's travel. Security is the key aspect of the Oyster system and Londoners can have confidence in the security of their Oyster cards. Using a fraudulent card for free travel is subject to prosecution."
TfL insisted that Oyster cards have 'robust security' that operates "at different points in the system", and claimed that personal information could not be compromised through a Mifare card hack.
"Should one security measure be breached, another will protect Oyster cards and the system as a whole," wrote the spokesperson. "No personal information is stored on an Oyster card and specific information relating to the individual card holder (name, address, telephone, etc) is stored on a central database and kept separate from journey data."
Based on Fears for Oyster security as researchers claim crack on ZDNet UK
More about Software
- Obama in sex video shocker? Oh wait, it's just spam September 11, 2008
- No black holes from Large Hadron Collider, say scientists September 10, 2008
- Michael Moore to premiere film online September 05, 2008
- Images: Touring Google's Chrome browser September 05, 2008
- Extensions promised for Chrome September 04, 2008
5.9
8.6
8
- Canon EOS 550D: Increment schmincrement
- LG Mini GD880: Miniature by name, minuscule by nature
- BenQ W600: Low-cost gaming and entertainment projector
- Canon PowerShot SX210 IS, Digital IXUS 210, 130, 105: Make life worth living again
- Toyota Prius recalled: Brake issue hits UK
- Google to add status updates to Gmail, scare bejeezus out of Facebook
- Google to add status updates to Gmail, scare bejeezus out of Facebook
- Facebook plans Gmail killer, revamps useless photo uploader
- Google Ocean Showcase: Dive the deep at your desk
- Vodafone UK's Twitter account hijacked by foul-mouthed employee
- Editors' Choice 2010
- Twitter may be in decline: Study suggests just a fad after all
- Google Chrome 4 adds add-ons, HTML5
- Jobs: Google's 'Don't be evil' is a 'load of crap', Adobe is 'lazy'
- Google withdrawing support for IE6
- Google Social Search: Web search that asks your mates
- 'Exceptional' demand for Windows 7 pumps Microsoft profits
- Trends in trends: Twitter trending topics go local, Google Trends gets Hot Topics
- MusicDNA puts the Web in your music
- Palm Pre homebrew app store: WebOS beta apps are pre-Pre
- Google founders to sell $5.5bn worth of shares
