Details of Oyster Card Hack To Be Released in October

Oyster Card Security Issues could join Signal Failures and Trade union disputes in the list of significant problems that Transport for London could be facing in the forthcoming months.

A ruling in Netherlands now means that details of vulnerabilities within the Oyster card's security system could be published as early as in October 2008.

An injunction was taken ou by the manufacturers of the smartcard, NXP, to stop Professor Bart Jacobs and colleagues from Radboud University in Nijmegen from making public their research on the shortcomings of the Oyster card.

Singularly, it reminds the old hats at ITProportal.com of the case of that French lad, Serge Humpich, who managed to break down single-handedly the French banking card system back in 2000 but ended up in jail rather than getting published.

A spokesperson for Transport of London told the BBC, which broke the story, that "Transport for London remains confident in the security of the Oyster card system. We take fraud and the security of personal data extremely seriously and constantly review our security procedures."

"Any fraudulent card would be identified within 24 hours of being used and blocked. Using a fraudulent card for free travel is subject to prosecution and we would seek to enforce this wherever possible."

Already three groups are known to have cracked the MiFare Classic technology which is used by the Oyster card and many more smartcards worldwide, so it was just a matter of time before one of them disclosed their results.

The information disclosure could give generate a rise in the number of fraudulous cloned Oyster cards in circulation and may cause the demise of NXP should its customers sue the company for selling unfit products.