Dutch researchers break security of London’s Oyster transport card


Dutch researchers break security of London’s Oyster transport card

Antony Savvas

Dutch researchers have managed to break the security on an Oyster smartcard to enable free travel on the London Underground, and wreak havoc on the ticket barriers by initating a denial of service attack on them.

A report on a Dutch website says the two researchers from Radboud University were able to load free credit onto an Oyster card using a laptop and some adapted software, after breaking the encryption and security used on the Oyster card.

The Oyster card uses the Mifare technology adapted by a Philips spin-off smartcard firm.

Mifare is seen as an outdated smartcard chip technology, after originally being developed in the 1990s.

Earlier this year, the same researchers were able to pull the same stunt on a new Dutch transport system that relied on Mifare.

As a result, the Dutch government decided to dump Mifare and move to another more secure system.

Following their escapade on the London transport system - including a denial of service attack on a ticket barrier which kept it permanently shut - Transport for London says it will not be forced to dump Mifare, for now, anyway.

The researchers plan to release more details of their "work" this October in a paper, which they admit will probably encourage more attacks on Mifare-supported transport and security systems.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy