Oyster Card security flaw identified

Susceptible to unlawful cloning

By Aharon Etengoff

Tue Oct 07 2008, 10:38

INSECURITY RESEARCHERS at Radboud University in Holland have published details of a critical Oyster Card security flaw.

The much-maligned card is susceptible to cloning, or unlawful duplication.

Oyster manufacturer NXP Semiconductor desperately sought an injunction to delay the publishing of the paper, but to no avail.

Professor Bart Jacobs released the details at the European Symposium on Research in Computer Security (Esorics) 2008 security conference in Spain.

Steve Owen of NXP clarified that the company had sought a delay only to grant customers time to change their systems.

"We sought the injunction to cause a delay, not to completely stop the publication," said Owen.

Shashi Verma, director of fares and ticketing at Transport for London, claimed that simply copying the flawed Oyster would not create a functioning card.

"We knew about it before we were informed by the students. A number of forensic controls run within the back office systems which is something that customers and these students have no ability to touch," said Verma.

As the Inquirer previously noted, hacking an Oyster travel card would only earn you about three quid a go. µ

L'Inq
TechRadar

Microsoft reveals details on ReFS for Windows 8 Server Coming to all Windows versions eventually Tuesday, 17 January 2012, 15:34 PM Read more	Celebrities come out in support of Occupy Wall Street Photo captions support the little people Thursday, 13 October 2011, 10:34 AM Read more
RIM ports Blackberry Messenger to Android Will launch this year Monday, 3 October 2011, 11:30 AM Read more	Microsoft shows off tablets to lure Windows 8 developers Dangles a quad-core carrot Friday, 26 August 2011, 15:26 PM Read more
Nokia developer web site gets hacked Because he could Wednesday, 24 August 2011, 12:37 PM Read more	HIS launches a stock clocked AMD Radeon HD6790 Vanilla middle of the road Barts board Thursday, 19 May 2011, 14:01 PM Read more

< Previous article| Next article >

Comments

There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.

INQ White papers

Databases

Network management

Security

Service oriented architecture

Storage

INQ Jobs

PHP Web Developer - html,

The Company: My client b...

INQ Poll

Authorities in several countries raided Megaupload recently, shut down all of its services, seized hundreds of servers and arrested several of its executives on criminal charges.

Do you think the move was justified?

Yes, companies should suffer an immediate death penalty upon being accused of copyright infringement.

Yes, the coppers said the company was breaking the law so it must be guilty.

No, the company and the people accused are innocent until proven guilty.

No, the company had millions of customers who have been harmed by having access to their data files cut off.

I don't care, I never used Megaupload anyway.

View other polls

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093

SEARCH :

Site Credentials:

Business & Technology websites:

Business research resources:

Products:

Investment Market IT websites:

Find out what you are worth:

Salary Calculator

Search for a job:

Recruitment Agency A-Z Directory

Accreditations:

Digital Publisher of the Year 2010

Oyster Card security flaw identified

Share this:

RIM Playbook OS 2.0 and Blackberry 7.1 video demo

Nokia Lumia 710 video review