Monday, October 6, 2008

Oyster card hack can be published - Part Two

Another follow up story as details of how to hack a smartcard used in Oyster cards have now been published online. Thanks to Pete from the Londoneer for reminding me about this. In July a Dutch court ruled that details of how to hack the card could be released in the interests of "freedom of expression laws."

Earlier in the year members of Professor Bart Jacobs' team came to London to test their findings, and travelled on the London Underground using a modified Oyster card.

Shashi Verma, director of fares and ticketing at Transport For London, told the BBC its system spotted the security breach.

"We knew about it before we were informed by the students," said Mr Verma

He stressed that the Mifare Classic chip in the Oyster card is only part of a larger system. "A number of forensic controls run within the back office systems which is something that customers and these students have no ability to touch."

"We will carry on making improvements to the security of the Oyster system."


Commenting on their research, Prof Jacobs told BBC Click the information being disclosed was: "not a guidebook for attacks". I also bet it's not as much fun as creating an Oyster Card watch or a magic wand for Tube barriers.

Oyster watch article in the londonpaper

The BBC's full report on this will be broadcast on BBC Click on Saturday 11 October at 1130 BST on the BBC News Channel. You can also find it on BBC World - check here for the times it'll be going out.

No comments:

Post a Comment