Hacking the Oyster Card

It seems that the RFID chip used in London Underground’s Oyster Card – supplied by former Philips subsidiary, NXP Semiconductor – has been hacked by researchers at the University of Virginia.

The researchers were testing the claims in a report for the Dutch government that hacking the travelcard would require at least $9,000 worth of hardware and would not be an easy prospect for at least two years. They have found that they can do the same job with a standard laptop computer and some cheap equipement.
It’s not clear yet what implications this has for Oyster card users, but presumably cards can be cloned by reading the RFID signal with a small device attached to the reader in quiet stations. You can then embed that into cloned cards and sell them as a way of getting free transport.

As journeys are logged, it is likely that unusual travel patterns would trigger fraud software and cut the card off – but that then in turn causes considerable inconvenience to the legit passenger.

At a time when we are preparing for the UK government to force us into some monolithic database and ID card scheme, this is a timely reminder of how nothing is ever really secure from being hacked.

Links:

University of Virginia press release

« « Previous Blog Post Next Blog Post » »

Sign up for my free weekly email newsletter

Sample Issue

Trackbacks / Pings

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

web