Dutch security researchers rode the London Underground free for a day after easily using an ordinary laptop to clone the “smartcards” commuters use to pay fares, a hack that highlights a serious security flaw because similar cards provide access to thousands of government offices, hospitals and schools.
There are more than 17 million of the transit cards, called Oyster Cards, in circulation. Transport for London says the breach poses no threat to passengers and “the most anyone could gain from a rogue card is one day’s travel.” But this is about more than stealing a free fare or even cribbing any personal information that might be on the cards.
Oyster Cards feature the same Mifare chip used in security cards that provide access to thousands of secure locations. Security experts say the breach poses a threat to public safety and the cards should be replaced.
“The cryptography is simply not fit for purpose,” security consultant Adam Laurie told the Telegraph. “It’s very vulnerable and we can expect the bad guys to hack into it soon if they haven’t already.”
By Alexander Lew Email Author| June 24, 2008