Oyster Card Hack to be Published


“In its ruling, the court said: ‘Damage to NXP is not the result of the publication of the article but of the production and sale of a chip that appears to have shortcomings”

There’s some good comment on a blog here: http://technovia.co.uk/2008/07/oyster-card-hac.html where the opinion is that this is a marvellous ruling, that will actually be good for business in the long run, as it will discourage companies from promising to its customers that a system is secure purely because they think they can clamp down on any information about it that appears.

TfLs retort is that security is the key aspect of the Oyster system and Londoners can have confidence in the security of their Oyster cards.

Implications go further than just the Oyster. The same RFID technology is widely utilised on other transport systems, as well as ID cards and the forthcoming combined travel / credit / micro-payment card. Bruce Schneier commented on his blog back in January.

Best comment of all is here at http://www.securerf.com/RFID-Security-blog/?p=46 where the author is curious as to how many end users completed a risk assessment before their system was implemented and if this series of events will encourage more firms to do so in the future. 

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

hmm.. thank you very much. usefull information
My concern now is how the Dutch University handled this. Essentially this was a hack - I personally think they have gone too far as 'responsible people' in publishing too much detail. Linus Torvalds had an expression for this which I will not repeat. In the future I think that this may be viewed as mild cyber-terrorism. It inspires fear in the masses that this older technology cannot be used. How far do we go with this? Are we going to see another University team examining Nuclear facility security next and publish how to hack it? You get the point. The educational facilities of the world should be producing people who can fix things, not break them. Still - the Dutch are famous for other technology upsets - the speed camera!
The Dutch also, apparently, invented the practice of "short selling" - see http://www.nrc.nl/international/article1993052.ece/Dutch_invented_short_selling_in_1609. So we can also blame the current world economic crisis on them too!