It seems that the RFID chip used in London Underground’s Oyster Card – supplied by former Philips subsidiary, NXP Semiconductor – has been hacked by researchers at the University of Virginia.
The researchers were testing the claims in a report for the Dutch government that hacking the travelcard would require at least $9,000 worth of hardware and would not be an easy prospect for at least two years. They have found that they can do the same job with a standard laptop computer and some cheap equipement.
It’s not clear yet what implications this has for Oyster card users, but presumably cards can be cloned by reading the RFID signal with a small device attached to the reader in quiet stations. You can then embed that into cloned cards and sell them as a way of getting free transport.
As journeys are logged, it is likely that unusual travel patterns would trigger fraud software and cut the card off – but that then in turn causes considerable inconvenience to the legit passenger.
At a time when we are preparing for the UK government to force us into some monolithic database and ID card scheme, this is a timely reminder of how nothing is ever really secure from being hacked.