Dutch researchers break security of London’s Oyster transport card

Dutch researchers have managed to break the security on an Oyster...

Dutch researchers have managed to break the security on an Oyster smartcard to enable free travel on the London Underground, and wreak havoc on the ticket barriers by initating a denial of service attack on them.

A report on a Dutch website says the two researchers from Radboud University were able to load free credit onto an Oyster card using a laptop and some adapted software, after breaking the encryption and security used on the Oyster card.

The Oyster card uses the Mifare technology adapted by a Philips spin-off smartcard firm.

Mifare is seen as an outdated smartcard chip technology, after originally being developed in the 1990s.

Earlier this year, the same researchers were able to pull the same stunt on a new Dutch transport system that relied on Mifare.

As a result, the Dutch government decided to dump Mifare and move to another more secure system.

Following their escapade on the London transport system - including a denial of service attack on a ticket barrier which kept it permanently shut - Transport for London says it will not be forced to dump Mifare, for now, anyway.

The researchers plan to release more details of their "work" this October in a paper, which they admit will probably encourage more attacks on Mifare-supported transport and security systems.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.