Skip to main content

Underground's Oyster Card Hit By Security Identity Issue

For the second time this year, the technology behind the popular Oyster Card has been compromised after Dutch researchers unearthed yet another security flaw, an issue that could affect more than 17 million cards.

Dr Bart Jacobs of Radboud University in Holland did a demonstration with a bog-standard laptop and managed to clone a swipe access card to a Dutch public building which uses the same MiFare technology.

Dr Jacobs and his team then travelled to London and travelled on the underground for free for 24 hours to highlight the massive problem that this could cause on the underground.

The problem is compounded by the fact that the criminal does not need to have physical access to the card(s) to be able to access the information on it; a proximity data sniffer is more than enough to gather a card user's information.

The MiFare Chip was created back in 1994 by Global Electronics giant Philips and currently roughly two billions have been sold worldwide.

The Dutch government, which Dr Jacobs first informed, has swiftly replaced the cards that were provided to its 120,000 civil servants to access its buildings.

Back in March, a trio of young computer geeks from the university of Virginia managed to crack the MiFare security system.

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.