Oyster Card Hack released

by Jason Sanders | October 8, 2008 at 09:34 am | 440 views | add comment | 0 recommendations

RFID based cards, such as London's Oyster Card, are known to be unsecure and were easily cracked eight months ago. Well, a group of Dutch researchers decided to release a paper on how the Oyster hack worked and the the platform's insecurity, months after being gagged by the Dutch government.

However, Jacobs said the researchers had disclosed their findings to NXP in March, and were only now publishing the details to the wider public in October. Jacobs added that, because of the fresh publication of those findings, organisations using Mifare Classic could now make a solid analysis of security risks to their systems.

Bart Jacobs, the professor of computer security at Radboud University who led the research team, told ZDNet.co.uk on Tuesday that the security of the Mifare Classic chipset, used in Oyster cards and in the Dutch OV-Chipkaart travelcards, was completely ineffectual.

"The chip is fundamentally broken," said Jacobs. "The only thing you can do is strengthen it with additional security measures and improve overnight checks. People involved should migrate to different chips, unless their assets are only of low value."