A while ago, I posted on how the Mifare RFID system had been reverse-engineered. Now, it seems that the Oyster Cards used in the London Underground have been cracked. Painstaking microscope work and a weakness in the encryption algorithm employed were enough to compromise the system – allowing cards to be cloned and arbitrarily modified. Given how fares for one-way trips run from £4.80 (C$9.58) for Zone 1 and 2, off peak, to £11.30 (C$22.55) for Zones 2 – 8 + Watford Junction at peak time, you can be sure that there will soon be a lucrative underground market in cloned cards and passes.
It goes to show how when you are deploying such an expensive and extensive system, you cannot trust the vendor to simply provide secure products. Robust external evaluation is necessary. Furthermore, you had better be sure to design the system such that a problem that does emerge can be contained and acceptable cost. Hopefully, that will prove true of the London system.
The [London Underground] fare structure is now strongly biased to encourage the use of Oyster cards. From January 2007, the adult single cash fare for all journeys involving zone 1 is £4, and £3 for all journeys not involving zone 1, while there are different Oyster fares applicable between 7 a.m. and 7 p.m. Monday to Friday and at all other times (including public holidays): e.g. zone 1 only £1.50 at all times, zones 1-2 £2 peak, £1.50 off-peak, zones 1-3 or 1-4 £2.50 peak, £2 off-peak, zones 1-5 or 1-6 £3.50 peak, £2 off-peak. Journeys not involving travel in zone 1 are much cheaper with Oyster: zone 2, 3, 4, 5, or 6 only, or zones 2-3, 3-4, 4-5, or 5-6, £1 at all times; zones 2-4, 2-5, 2-6, 3-5, 3-6 or 4-6 £1.80 peak, £1 off-peak.
ZZZZZ SPMNG NRLFW FJAXO OBFTX PXHFT EISDN PVHIO AKNVW HCINQ CUPCA
BTSUE LJJHA UICWB EGFXV DJRTF TBXMQ PPWAA CUBNF PBGAL SMQKP HCWXH
WSAJJ QCICC COTED HLPMF EJPHM LDVPW MBBCG MGGBE IHNIB LPUIA EHDRL
IVTPG FKIFI SQQXG MILPR LJJMT QXBNL HLUXX UVMJN STHRD GIIAQ QVDFL
UTCQS XDCDC BJMGD RPKFS ESLWA ABPPC RQECL EDELA JNSUI DPGEM MVXID
MBBES XFWPI JSKIA HGAZZ YYYYY
(AES, Question)
Oyster Cards vulnerable to RFID hack, lots of other systems too
includes video
Anonymous,
That doesn’t work with my AES decryption utility (TextMate).
“Oyster cards shucked” would be more pithy.
Credit-card companies killed Mythbusters segment on RFID vulnerabilities
By Cory Doctorow on Gadgets
Check out the first two minutes of this clip of Mythbusters’ Adam Savage telling the folks at the HOPE hackercon about how the Discovery Channel was bullied by big credit-card companies out of airing a program about how crappy the security in RFID tags is. Arphid Watch: Mythbusters and RFID