Oyster Card Hack to be Published


“In its ruling, the court said: ‘Damage to NXP is not the result of the publication of the article but of the production and sale of a chip that appears to have shortcomings”

There’s some good comment on a blog here: http://technovia.co.uk/2008/07/oyster-card-hac.html where the opinion is that this is a marvellous ruling, that will actually be good for business in the long run, as it will discourage companies from promising to its customers that a system is secure purely because they think they can clamp down on any information about it that appears.

TfLs retort is that security is the key aspect of the Oyster system and Londoners can have confidence in the security of their Oyster cards.

Implications go further than just the Oyster. The same RFID technology is widely utilised on other transport systems, as well as ID cards and the forthcoming combined travel / credit / micro-payment card. Bruce Schneier commented on his blog back in January.

Best comment of all is here at http://www.securerf.com/RFID-Security-blog/?p=46 where the author is curious as to how many end users completed a risk assessment before their system was implemented and if this series of events will encourage more firms to do so in the future.