Advertisement
Promo

Become a member of the ZDNet UK community

David Meyer

View blog's RSS Feed

Communication Breakdown

Communications from the world of, er, communications. And other stuff.

Wednesday 18 June 2008, 5:03 PM

Dutch researchers crack London's Oyster card

Posted by David Meyer

Now they've really gone and done it. At the start of the year, some Dutch researchers managed to crack the Netherlands' travelcard, the OV-chipkaart. Now, this card uses the same technology - NXP's Mifare - as Transport for London's Oyster card. When security experts said the Dutch crack meant the Oyster system should be upgraded or replaced, TfL told us there were enough additional layers of security to make the Dutch case irrelevant to London.

No longer. Wouter Teepe and Bart Jacobs, from Radboud University, today told the Dutch parliament that they'd cracked and cloned London's Oyster card. They were able to not only take free rides on the Underground, but even execute a denial-of-service attack on the gates. Check out a Google translation here of an article, by Webwereld's Brenno de Winter, on the subject.

We're awaiting comment from TfL, and are also in touch with one of the researchers. So, expect more on this tomorrow... I get a feeling this story will roll on and on.

UPDATE (Thursday): Click here for TfL's response...

Comments on this post

harpless

Good thing there aren't crooks, they could've just sold their discovery to counterfieters who'd then make fake oyster cards!

Posted by harpless on Jun 18, 2008 9:47 PM

David Long

But once someone has done it for "research" or to prove it could be done others will attempt it for profit or even just to maliciously shutdown a station. Worse still terrorists could use it to cause a disruptions or use it as a distraction while they do worse.

Whatever security is used there will eventually be a crack/hack for it so I don't know why TfL were confident that the Oyster was safe. Just hope this stunt by these researchers doesn't cost us all if TfL have to spend millions upgrading the system and replacing all our cards.

Updated by David Long on Jun 19, 2008 9:15 AM

David Meyer
  • David Meyer
  • London, UK
  • Member since: October 2006
ZDNet Staff

Contacts' Latest Discussions

Number of Tracked Discussions: 2,342

manek manek

IPv6: don't be so US-centric

Friday 20 November 2009, 6:12 PM

3 comments
manek manek

Will we believe the telcos?

Friday 20 November 2009, 3:43 AM

9 comments
manek manek

Client sorted, what about the network?

Thursday 19 November 2009, 9:45 PM

9 comments

Contacts' Latest Blogs

Number of Contacts Blogs: 11

Avatar Tom Espiner

Climate research centre compromised

Friday 20 November 2009, 5:12 PM

1 comment
Avatar Jonathan Bennett

Did Microsoft violate the GPL?

Wednesday 11 November 2009, 10:19 AM

0 comments

Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

Newsletters