Dutch researchers have managed to break the security on an
Oyster smartcard to enable free travel on the London
Underground, and wreak havoc on the ticket barriers by initating a
denial
of service attack on them.
A
report on a Dutch website says the two researchers from Radboud
University were able to load free credit onto an Oyster card using
a laptop and some adapted software, after breaking the encryption
and security used on the Oyster card.
The Oyster card uses the Mifare technology adapted by a Philips
spin-off smartcard firm.
Mifare is seen as an outdated smartcard chip technology, after
originally being developed in the 1990s.
Earlier this year, the same researchers were able to pull the
same stunt on a new Dutch transport system that relied on
Mifare.
As a result, the Dutch government decided to dump Mifare and
move to another more secure system.
Following their escapade on the London transport system -
including a denial of service attack on a ticket barrier which kept
it permanently shut - Transport for London says it will not be
forced to dump Mifare, for now, anyway.
The researchers plan to release more details of their "work"
this October in a paper, which they admit will probably encourage
more attacks on Mifare-supported transport and security
systems.