Free travel round London is something most of us can only dream of but researchers at Radboud University in Nijmegen in the Netherlands claim to have cloned an Oyster Card and have even tried out their wares, travelling for nothing on the underground.
More worryingly, the team also instigated a DDoS (denial of service) attack on a tube gate, putting it out of service.
The 'research' was undertaken by researchers Wouter Teepe and Bart Jacobs. According to the pair, all they used was a regular laptop, where they managed to top-up their cards with credit, without actually paying any money.
Speaking about the research and the implications to London's transport system, Jacobs insists: "We will not release software to manipulate the cards, but people will have enough information to write the software themselves."
There are plans to publish the full research in October.
London is your Oyster
The news of this security breach comes just a few moths after the TfL (Transport for London) spoke to TechRadar about potential security issues arising from the Oyster Card, insisting that: "The security of the Oyster system has never been breached. We run daily tests for clone cards or rogue devices and none have been discovered." This, however, now does not now seem to be the case.
We have contacted TfL and are awaiting a reply, but a new statement from the company regarding the researchers' findings now states: "We run daily tests for cloned or fraudulent cards and any found would be stopped within 24 hours of being discovered. Therefore the most anyone could gain from a rogue card is one day's travel."