Dutch researchers have managed to break the security on an Oyster smartcard to enable free travel on the London Underground, and wreak havoc on the ticket barriers by initating a denial of service attack on them.
A report on a Dutch website says the two researchers from Radboud University were able to load free credit onto an Oyster card using a laptop and some adapted software, after breaking the encryption and security used on the Oyster card.
The Oyster card uses the Mifare technology adapted by a Philips spin-off smartcard firm.
Mifare is seen as an outdated smartcard chip technology, after originally being developed in the 1990s.
Earlier this year, the same researchers were able to pull the same stunt on a new Dutch transport system that relied on Mifare.
As a result, the Dutch government decided to dump Mifare and move to another more secure system.
Following their escapade on the London transport system - including a denial of service attack on a ticket barrier which kept it permanently shut - Transport for London says it will not be forced to dump Mifare, for now, anyway.
The researchers plan to release more details of their "work" this October in a paper, which they admit will probably encourage more attacks on Mifare-supported transport and security systems.