Oyster cards cracked

2008-03-14

in Economics, Security

A while ago, I posted on how the Mifare RFID system had been reverse-engineered. Now, it seems that the Oyster Cards used in the London Underground have been cracked. Painstaking microscope work and a weakness in the encryption algorithm employed were enough to compromise the system – allowing cards to be cloned and arbitrarily modified. Given how fares for one-way trips run from £4.80 (C$9.58) for Zone 1 and 2, off peak, to £11.30 (C$22.55) for Zones 2 – 8 + Watford Junction at peak time, you can be sure that there will soon be a lucrative underground market in cloned cards and passes.

It goes to show how when you are deploying such an expensive and extensive system, you cannot trust the vendor to simply provide secure products. Robust external evaluation is necessary. Furthermore, you had better be sure to design the system such that a problem that does emerge can be contained and acceptable cost. Hopefully, that will prove true of the London system.

Report a typo or inaccuracy

{ 6 comments… read them below or add one }

. March 14, 2008 at 10:20 am

The [London Underground] fare structure is now strongly biased to encourage the use of Oyster cards. From January 2007, the adult single cash fare for all journeys involving zone 1 is £4, and £3 for all journeys not involving zone 1, while there are different Oyster fares applicable between 7 a.m. and 7 p.m. Monday to Friday and at all other times (including public holidays): e.g. zone 1 only £1.50 at all times, zones 1-2 £2 peak, £1.50 off-peak, zones 1-3 or 1-4 £2.50 peak, £2 off-peak, zones 1-5 or 1-6 £3.50 peak, £2 off-peak. Journeys not involving travel in zone 1 are much cheaper with Oyster: zone 2, 3, 4, 5, or 6 only, or zones 2-3, 3-4, 4-5, or 5-6, £1 at all times; zones 2-4, 2-5, 2-6, 3-5, 3-6 or 4-6 £1.80 peak, £1 off-peak.

Anonymous March 14, 2008 at 1:13 pm

ZZZZZ SPMNG NRLFW FJAXO OBFTX PXHFT EISDN PVHIO AKNVW HCINQ CUPCA
BTSUE LJJHA UICWB EGFXV DJRTF TBXMQ PPWAA CUBNF PBGAL SMQKP HCWXH
WSAJJ QCICC COTED HLPMF EJPHM LDVPW MBBCG MGGBE IHNIB LPUIA EHDRL
IVTPG FKIFI SQQXG MILPR LJJMT QXBNL HLUXX UVMJN STHRD GIIAQ QVDFL
UTCQS XDCDC BJMGD RPKFS ESLWA ABPPC RQECL EDELA JNSUI DPGEM MVXID
MBBES XFWPI JSKIA HGAZZ YYYYY

(AES, Question)

. March 14, 2008 at 3:14 pm
Milan March 14, 2008 at 7:24 pm

Anonymous,

That doesn’t work with my AES decryption utility (TextMate).

R.K. March 21, 2008 at 8:58 pm

“Oyster cards shucked” would be more pithy.

. August 30, 2008 at 12:09 pm

Credit-card companies killed Mythbusters segment on RFID vulnerabilities

By Cory Doctorow on Gadgets

Check out the first two minutes of this clip of Mythbusters’ Adam Savage telling the folks at the HOPE hackercon about how the Discovery Channel was bullied by big credit-card companies out of airing a program about how crappy the security in RFID tags is. Arphid Watch: Mythbusters and RFID

Leave a Comment

You can use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Previous post:

Next post: