Free London Underground Travel: Professor hacks Oyster Card
Details of how to hack one of the world's most popular smartcards were announced to the world yesterday by the BBC, after a research paper was published online.
The research by Professor Bart Jacobs and colleagues at Radboud University in Holland revealed a weakness in the widely used Mifare Classic RFID chip, used in the Oyster card.
The card uses technology from the Dutch company behind the Mifare chip, NXP. They recently applied for an injunction to prevent the release of the paper, which a judge overturned (maybe with an interest to get a cloned card himself?).
Professor Jacobs and his hacker team decided to release it for all London criminals to profit, at least until NXP figure out how to fix things.
NXP now claims that it will take "months or years" to implement security upgrades, which may lead to a meltdown of the entire system this month. Or in other words, "we have no idea what we're doing".
All of this might have been resolved if NXP had taken the money it spent on filing the injunction and paid the professor instead. None of this came as a surprise to me, after recently having dinner in Boston with a bunch of clever MIT students who managed to hack the Boston T system. And no, I was not involved.
Is it possible that it was cloned cards that led to last week's problems on the Underground? And could this mean that the Barclays Oyster card is also prone to attacks? If so, this really could create some chaos.
Transport for London claims there are more security measures in place, and that backup security systems have banned all hacked cards now.
Don't go roaming free spending all your travel money just yet.
Dismantling Mifare Classic - The Research Paper [SOS.cs.ru.nl]