Win a holiday

Enter our Snapshots of Summer photography competition

Navigation - link to other main sections from here

Skip Navigation

From Times Online
July 21, 2008

Details of Oyster card hack to be made public

Dutch researchers can explain how they cloned identity cards to get free travel and access to government buildings

Jonathan Richards

Details of a computer hack which allowed researchers to clone identity cards that are used by million of people to access buildings and travel on public transport are to be published.

The company which makes the Mifare smartcard, which is used to gain access to thousands of British schools as well to ride on the London Underground and buses, had sought to prevent Dutch researchers from publishing details of the hack.

But a court in Holland has overturned an injunction that would have prevented the publication of the research, paving the way for academics from Radboud University to explain how they were able to ride the Tube free for a day with a cloned Oyster card - and sneak into Dutch government buildings.

After learning of the breach in April, the Dutch government posted armed guards outside all its buildings, and postponed the introduction of a new €1 billion transport payment system similar to the Oyster card until the security issues had been addressed.

Oyster card cloning with a laptop

Mifare smartcard is hacked into by Dutch university scientists, highlighting security flaw on identity and swipe cards

Professor Bart Jacobs, who led the research team, said he would hold off publishing his findings until the Dutch Government and NXP, which makes the technology used in Mifare cards, had had a chance to make their systems more resilient.

But NXP sought an injunction to ensure the details of the hack would never be made public. A court in Arnhem has now overturned the injunction, citing freedom of expression laws. "(The) damage to NXP is not the result of the publication of the article, but of the production and sale of a chip that appears to have shortcomings," the court said.

Radboud University welcomed the ruling, saying that "in a democratic society it is of great importance that the results of scientific research can be published".

A spokesman for NXP, which was formerly a division of Philips, the electronics manufacturer, said: "We don't mind them publishing the effects of what they have discovered to inform society. I think this is absolutely fine. But disclosing things in detail including the algorithm ... is not going to benefit society, it will create damage to society."

Transport for London said it remained confident that the Oyster card system, used by millions of people on London's Tube and bus network, was secure, but added that it was "constantly reviewing" its security procedures.

The Dutch Interior Ministry said at the time the hack was made public that it was replacing 120,000 cards used by civil servants to access Government buildings. About ten million Mifare smartcards are sold in Britain each year, and are used to access public buildings as well as in contactless payment systems.

This security approach is hopeless. Once a piece of technology (smart cards, dvd encryption) is out in the open, it will get cloned, it will get hacked. The entertainment industry tried it with DVD, blu-ray, etc., and failed. The question is whether it's an acceptable risk for the application.

Stephen van Egmond, Toronto, Ontario

Absolutely right that the research should be published. If the alogrithm was faulty then it should be rethought. If university staff can hack it so can criminal elements.

Richard Jefferies, Castaño del Robledo, Spain

Have your say

* Required

Print
Email
Bookmark and Share

Also in Tech & Web

Also in News

Tech Central

Latest posts on the blog

TECH CENTRAL

The best games and gadgets from E3 2009

Tech Central

Apple iPhone, 2009 model

Our verdict on the new iPhone 3G S

video: lunar gadgets

Edwin ’Buzz’ Aldrin photographed by Neil Armstrong

Gadgets on the moon

Can you guess what these objects were used for?

Portable consoles

Blaze Sega Mega Drive

Games on the move

The best handheld consoles rated and reviewed

Twitter

Twitter logo

Follow Tech & Web

Gadgets and Games

Cloudy With a Chance of Meatballs, the game

Game trailer: Cloudy With a Chance of Meatballs

Best of Google Streetview

Banksy’s artwork captured on the side of a building situated in London’s West End on Google Streetview

Weird and wonderful images from Google Street View

Slide Show

TECHNOLOGY

ATD logo

Articles from our sister site:

Most Read

Skip Most Read

Today

MOST COMMENTED

Skip Editor's Pick

Today

MOST CURIOUS

Skip Most Curious

Today

Focus Zone

Angel of the north

Northern Lights:

Win a luxury weekend to Newcastle and its neighbour Gateshead, find out more here

BT

Business Solutions:

Risk, resilience and embracing new technology

accenture

Need to Know:

Industry sectors news at a glance. Interactive heatmap, video and podcast

Cisco

Business Wisdom:

Discover the collective power of smart thinking. Submit a solution and be in with a chance to win a Flip MinoHD Camcorder

Social Entrepreneur

Social Entrepreneurs:

The inside track on current trends in the charity, not for profit and social enterprise sectors

ba business travel clouds

Business Travel:

Everything the Business Traveller needs to know to make a better trip

rowing boats

Great British Summer :

Make the most of the summer and enter our fabulous photographic competition, you could win a £5000 holiday

Corsica

Corsica Travel:

Corsica is an island of beauty and contrast, an ideal holiday destination

More Reports

More reports:

Enjoy further reading from Travel to Fashion, Business to Sport, discover more

previous next
Man with Confidential Papers

Ad Feature

Business Security

Get adequate protection

Times Mobile

Times Mobile

Get Times news, business and sport on your mobile. Text Times to 66644

Laptop computer showig a picture of a telephone on screen

Simplify Digital

Save a bundle

Deals on digital TV, broadband & phone

accenture

Need to Know

Industry Sectors news at a glance

A lawyer with gown and wig

Find a Lawyer

Cut your legal costs

Sudoku

Online Sudoku with daily prizes

small business

Ad feature

Business Survey

Share your views

Popular Searches on Times Online

books | chess | crossword | fashion | football | formula 1 | Michael Jackson | need to know | obituaries | recipes | redundancy calculator | rich list | savings | science | sudoku | swine flu | twitter | university guide | wine | travel deals

Shortcuts to help you find sections and articles

Classifieds 

Cars

Skip Cars of the Week

Car leasing

The clever way to lease a new car is with Car leasing made simple™


Jobs

Skip Jobs of the Week
Operational Officers

Not Specified
MI6
UK-based

Finance & Corporate Services Manager

£60,000
The Environment Agency
Bristol

Programme Manager

Up to £90K
Boots
Midlands

Sales Professionals

OTE £85k
Credit Protection Association
Nationwide Opportunities

Properties

Rushmore Condo's

Luxury Condo's in Manhattan with NYC views

Diadem Homes

The best new homes in Wimbledon?

Holidays

Skip Travel of the Week

Seychelles Beach Beauty

Save up to £1,000 per couple with Elite Vacations at the five-star Constance Lemuria Resort


Leave the queues behind at the airport

and do the British Isles this Summer.
Save up to 60% with Oxford Hotels and Inns

Bored of life?

Try our inspiring luxury holidays to the Indian Subcontinent and South East Asia.
Great offers available

Canada for Less.. fly from £129 one way inc taxes

8 fabulous Canadian cities ...you won’t find cheaper


Place your advert now