Court rules Oyster hack can be revealed

A Dutch judge has ruled that researchers can publish details of how to crack the Oyster card used on London's public transport system.

NXP, which makes the Oyster card, had taken out an injunction to stop Professor Bart Jacobs and colleagues from Radboud University in Nijmegen from publishing their research into security flaws in the payment card.

The university welcomed the ruling, stating that "in a democratic society it is of great importance that the results of scientific research can be published ".

NXP argues that it will take months to fix the flaw that allows the cards to be cloned. It has reportedly said that publishing the detailed research will serve no useful purpose.

A spokesman for Transport for London told the BBC: "Transport for London remains confident in the security of the Oyster card system.

"We take fraud and the security of personal data extremely seriously and constantly review our security procedures.

"Any fraudulent card would be identified and blocked within 24 hours of being used. Using a fraudulent card for free travel is subject to prosecution and we would seek to enforce this wherever possible."

The researchers studied the card ahead of its proposed implementation in the Netherlands.

They found that it was possible to clone the cards, add credit to them and even jam entry gates, although it is unlikely that cloned cards cause last week's problems on the Underground.

The Dutch government has now halted the deployment of the cards after the researchers showed that they could also be used to gain unauthorised access to government buildings.

MI5 wants to crack open Oyster

Londoners' travel information up for grabs  17 Mar 2008

O2 opens up its Wallet

Six-month trial of NFC payments gets underway  28 Nov 2007

Like this story? Spread the news by clicking below:

 del.icio.us     Digg this     reddit!