Skip to main content

Oyster card security flaws published

Details of how to hack an Oyster Card are published
Details of how to hack an Oyster Card are published

Professor Bart Jacobs and researchers at Radboud University in Holland have finally published details of an Oyster card hack that has allowed them to clone the smart card.

Manufacturer NXP semiconductor had sought an injunction to delay the publishing of the paper, but the Prof and his team have now released the details at the European Symposium on Research in Computer Security (Esorics) 2008 security conference in Spain.

However, Prof Jacobs has said this is "not a guidebook for attacks".

The publishing of the findings represents a delay of around seven months after the legal action taken by the Dutch manufacturers, a spin-off company from Philips.


Steve Owen, Vice President of Sales and Marketing within NXP Semiconductors, said the delay was only to give customers time to change their systems, according to the BBC.

"We sought the injunction to cause a delay, not to completely stop the publication," he said.

He also points out that new installations should think twice about installing entry systems based on the smartcard due to the possible security breaches.

Shashi Verma, Director of Fares and Ticketing at Transport for London, also told the BBC that the organisation was already aware of the problem, and simply copying the card would not be enough.

"We knew about it before we were informed by the students. A number of forensic controls run within the back office systems which is something that customers and these students have no ability to touch."