Ad: Manage updates with the Download App
ie8 fix

mifare

Dutch reporter won't be charged for transit card fraud

A Dutch prosecutor has decided not to charge journalist Brenno de Winter with fraud for publicly discussing security weaknesses in the country's new OV transit chip card.

"Given the public interest, (his) meticulous work and the minimal damage caused, the prosecutor stated that the importance of freedom of information in this case outweighs (claims of fraud) and decided to close the case," a statement from the Dutch public prosecutor in Utrecht said.

De Winter told CNET in an interview that he is relieved at the decision and will now be able to resume his writing on the … Read more

Journalist faces charges over transit card flaw reports

LAS VEGAS--Dutch journalist Brenno de Winter has covered Black Hat and Defcon for years, but he won't be at the security conferences here this week and is hindered in his work after being targeted by Dutch transportation companies for publicizing weaknesses in the new transit chip card.

De Winter, a freelancer who covers security for IDG affiliate WebWereld and other Dutch media outlets, has written articles about the problems with the OV transit chip card and appeared on numerous TV and radio stations in January demonstrating how the OV transit payment system could be defrauded by using software tools available on the Internet. Introduction of the card was temporarily postponed, and the Dutch Parliament skipped a debate on the war in Afghanistan to discuss the matter, he told CNET in a call today.

Trans Link Systems--formed by the five largest Dutch public transportation companies to create a single payment system, dubbed the OV chip card--filed a criminal complaint against de Winter with the public prosecutor's office and in June police questioned him for four hours, he said. No official charges have been filed, but de Winter said he has learned that he potentially faces charges of manipulating a debit card, having the tools to do so, and hacking a system, which could bring a six-year prison sentence.

A Trans Link spokesman said de Winter was questioned as part of an investigation into fraud. "Trans Link Systems filed a criminal complaint with the public prosecutor's office against fraud with OV-chipcards. Not against de Winter," spokeswoman Anita Hilhorst said in an e-mail statement. "The public prosecutor has investigated this fraud and because of this investigation the police questioned de Winter."… Read more

D-Day for RFID-based transit card systems

Want to ride the subway for free without having to jump the turnstiles? Well, as of Monday, you'll be able to do that by making a fake transit card.

A scientific paper detailing the security flaws in the Mifare Classic wireless smart card chip used in transit systems around the world is being published by the Radboud University Nijmegen. And a researcher at Humboldt University in Berlin has published a full implementation of the algorithm (PDF).

"Combining these two pieces of information, attacks can now be implemented by anyone," RFID researcher Karsten Nohl told CNET News. "… Read more

Judge orders halt to Defcon speech on subway card hacking

LAS VEGAS--A federal judge on Saturday granted the Massachusetts transit authority's request for an injunction preventing three MIT students from giving a presentation about hacking smartcards used in the Boston subway system.

The Electronic Frontier Foundation, which is representing the students, anticipates appealing the ruling, said EFF senior staff attorney Kurt Opsahl.

The undergraduate students had been scheduled to give a presentation Sunday afternoon at the Defcon hacker conference here that they had said would describe "several attacks to completely break the CharlieCard," an RFID card that the Massachusetts Bay Transportation Authority uses on the Boston T … Read more

Dutch court allows publication of Mifare security hole research

Updated 8:30 a.m. PDT with researcher comment and photos. Updated 11:17 a.m. with NXP comment.

NEW YORK--A Dutch court ruled on Friday that a university can publish an article on security flaws in the Mifare Classic wireless smart card chip, the most popular chip used in transit systems around the world.

NXP Semiconductors, formerly Philips Semiconductors, sued to prevent computer science professor Dr. B. Jacobs Radboud at University Nijmegen from publishing a scientific paper on the technology, arguing that it would be irresponsible to make the information public.

The Rechtbank Arnhem court ruled that prohibiting publishing … Read more

London transit cards cracked and cloned

Last week a Dutch researcher rode free on the London transit system, having hacked the public transit system's card system; he used a clone of a paying passenger's transit cards. His point? The transit smartcards, which are used my millions worldwide, are vulnerable to attack.

Dr. Bart Jacobs of Radboud University in Holland used an ordinary laptop to show how to clone the Mifare Classic smartcard used in London's Oyster transit card. The Mifare Classic smartcard is used for worker access cards as well.

Once he obtained the key used by the London transit system, Dr. Jacobs … Read more