Professor Bart Jacobs and researchers at Radboud University in Holland have finally published details of an Oyster card hack that has allowed them to clone the smart card.
Manufacturer NXP semiconductor had sought an injunction to delay the publishing of the paper, but the Prof and his team have now released the details at the European Symposium on Research in Computer Security (Esorics) 2008 security conference in Spain.
However, Prof Jacobs has said this is "not a guidebook for attacks".
The publishing of the findings represents a delay of around seven months after the legal action taken by the Dutch manufacturers, a spin-off company from Philips.
Delay
Steve Owen, Vice President of Sales and Marketing within NXP Semiconductors, said the delay was only to give customers time to change their systems, according to the BBC.
"We sought the injunction to cause a delay, not to completely stop the publication," he said.
He also points out that new installations should think twice about installing entry systems based on the smartcard due to the possible security breaches.
Shashi Verma, Director of Fares and Ticketing at Transport for London, also told the BBC that the organisation was already aware of the problem, and simply copying the card would not be enough.
"We knew about it before we were informed by the students. A number of forensic controls run within the back office systems which is something that customers and these students have no ability to touch."
del.icio.us
Digg
reddit!
Facebook
Stumbleupon
Newsvine
Your comments (1) Click to add a new comment
tinbucket
October 14th
1. you can already buy cloned oysters out there - it's common place. leave your clone in the holder and no one see's it's not original.
Alert a moderator
Tell us what you think
You need to Log in or register to post comments