Oyster card security flaws published

Details of how to hack an Oyster Card are published
Details of how to hack an Oyster Card are published

Professor Bart Jacobs and researchers at Radboud University in Holland have finally published details of an Oyster card hack that has allowed them to clone the smart card.

Manufacturer NXP semiconductor had sought an injunction to delay the publishing of the paper, but the Prof and his team have now released the details at the European Symposium on Research in Computer Security (Esorics) 2008 security conference in Spain.

However, Prof Jacobs has said this is "not a guidebook for attacks".

The publishing of the findings represents a delay of around seven months after the legal action taken by the Dutch manufacturers, a spin-off company from Philips.

Delay

Steve Owen, Vice President of Sales and Marketing within NXP Semiconductors, said the delay was only to give customers time to change their systems, according to the BBC.

"We sought the injunction to cause a delay, not to completely stop the publication," he said.

He also points out that new installations should think twice about installing entry systems based on the smartcard due to the possible security breaches.

Shashi Verma, Director of Fares and Ticketing at Transport for London, also told the BBC that the organisation was already aware of the problem, and simply copying the card would not be enough.

"We knew about it before we were informed by the students. A number of forensic controls run within the back office systems which is something that customers and these students have no ability to touch."

Gareth Beavis
Formerly Global Editor in Chief

Gareth has been part of the consumer technology world in a career spanning three decades. He started life as a staff writer on the fledgling TechRadar, and has grown with the site (primarily as phones, tablets and wearables editor) until becoming Global Editor in Chief in 2018. Gareth has written over 4,000 articles for TechRadar, has contributed expert insight to a number of other publications, chaired panels on zeitgeist technologies, presented at the Gadget Show Live as well as representing the brand on TV and radio for multiple channels including Sky, BBC, ITV and Al-Jazeera. Passionate about fitness, he can bore anyone rigid about stress management, sleep tracking, heart rate variance as well as bemoaning something about the latest iPhone, Galaxy or OLED TV.