Oyster Card security flaw identified
Susceptible to unlawful cloning
INSECURITY RESEARCHERS at Radboud University in Holland have published details of a critical Oyster Card security flaw.
The much-maligned card is susceptible to cloning, or unlawful duplication.
Oyster manufacturer NXP Semiconductor desperately sought an injunction to delay the publishing of the paper, but to no avail.
Professor Bart Jacobs released the details at the European Symposium on Research in Computer Security (Esorics) 2008 security conference in Spain.
Steve Owen of NXP clarified that the company had sought a delay only to grant customers time to change their systems.
"We sought the injunction to cause a delay, not to completely stop the publication," said Owen.
Shashi Verma, director of fares and ticketing at Transport for London, claimed that simply copying the flawed Oyster would not create a functioning card.
"We knew about it before we were informed by the students. A number of forensic controls run within the back office systems which is something that customers and these students have no ability to touch," said Verma.
As the Inquirer previously noted, hacking an Oyster travel card would only earn you about three quid a go. µ
See Also
Dutch
oysters are apparently wide open
RFID
leakage is hushed up - claim
L'Inq
TechRadar
