October 7th, 2008
Researchers publish details on London travel card hack
First there was Boston’s Charlie card.
Now, Dutch researchers have exposed the inherent weakness in the RFID chip used in London’s Oyster travel smartcard, ZDNet UK says.
Researchers released details at the Esorics security conference in Malaga on Monday and an academic paper (PDF) was posted on the Radboud University Nijmegen website.
Says Prof. Bart Jacobs, who lead the research team:
“The chip is fundamentally broken,” said Jacobs. “The only thing you can do is strengthen it with additional security measures and improve overnight checks. People involved should migrate to different chips, unless their assets are only of low value.”
How did they do it? They intercepted a “trace” of the communication between a smartcard and a Mifare (proprietary chip) reader, computed the cryptographic key, and decrypted it. Once the key was decrypted, the card could be copied and cloned.
Researchers demonstrated their abilities in April, when they used an Oyster card to travel on London’s Tube and then replaced the value on the card. They also claimed to have launched a DDoS attack on the fare gates, jamming them closed.
The release of the details didn’t dissuade Transport for London in April, though.
“Should one security measure be breached, another will protect Oyster cards and the system as a whole,” wrote the spokesperson. “No personal information is stored on an Oyster card and specific information relating to the individual card holder (name, address, telephone, etc) is stored on a central database and kept separate from journey data.”
