Oyster card hack published, released at security conference


Details of the much-discussed Oyster card hack have been published and released at a security conference that’s being held in Spain right now. What a long, awkward sentence.

The hack takes advantage of a security flaw in the Mifare Classic RFID chip. This chip is used in, among other locales, the Oyster card that’s used in the London public transportation system.

The researchers have defended their publishing of the hack by saying more harm would be done by not publishing the information. They added, hey, let’s assume Bad Guys (organized crime and the like) already know about the vulnerability, and may already be making money off it.

Besides, officials said they can detect if someone uses a modified/hacked Oyster card within the system.

The security paper can be read in its entirety here (it’s a PDF), which I found via Cryptome. Additional documents can be found here.

via BBC News