Transport for London claims Oyster card security

Transport for London says it remains confident in the security of the Oyster card after researchers published details on how to hack the card's chip.

Transport for London says it remains confident in the security of the Oyster card after researchers published details on how to hack the card's chip.

"We take fraud and the security of personal data extremely seriously and constantly review our security procedures," a spokesman said.

Researchers from the Dutch Radboud University published cryptograpic details of how they duplicated an Oyster card at the Esorics security conference in Spain on Monday.

The team intercepted the communication between chip and reader on the London underground and cloned a card to enable free travel in April.

NXP Semiconductors, maker of the underlying Mifare Classic chip used by Oyster and other public transport and building access systems, tried to block publication of the research.

In July, a Dutch judge gave the academics the go-ahead to publish, ruling that it was covered by rights to freedom of expression.

Bart Jacobs, professor of computing security at Radboud University, said the aim of publishing the research was to enable organisations to evaluate the seriousness of the vulnerability.

Transport for London (TfL) said a fraudulent card would be identified within 24 hours of being used and blocked.

"The MiFare Classic chip is just one part of a number of security features of the Oyster card system," the spokesman said.

There has been no official confirmation that the chip technology is under review, but TfL announced in August it was to end the contract with TranSys, the contractor responsible for running Oyster.

TranSys said in a statement that Tfl had invoked a break clause to end the contract with TranSys five years early in 2010.

"The London transport system has changed dramatically over the past ten years," the statement said, indicating the possibility of a technology review.

Read more on IT outsourcing

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close