• On mySimon: Dc Shoes Court Graffik Skate Shoe Kids

Defense in Depth

Read all 'Mifare' posts in Defense in Depth
June 26, 2008 1:43 PM PDT

London transit cards cracked and cloned

by Robert Vamosi
  • 1 comment

Last week a Dutch researcher rode free on the London transit system, having hacked the public transit system's card system; he used a clone of a paying passenger's transit cards. His point? The transit smartcards, which are used my millions worldwide, are vulnerable to attack.

Dr. Bart Jacobs of Radboud University in Holland used an ordinary laptop to show how to clone the Mifare Classic smartcard used in London's Oyster transit card. The Mifare Classic smartcard is used for worker access cards as well.

Once he obtained the key used by the London transit system, Dr. Jacobs then brushed up aside passengers carrying Oyster cards. Wirelessly, Jacobs collected the person's card information on his laptop and later he was able to use that data to clone a fresh transit card and gain free access to the London transit system.

You can watch a video of a similar attack conducted on work access cards.

"You only have to walk down the street to see contactless access control systems everywhere," Adam Laurie, a wireless security researcher, told the London Times . "It used to be a magnetic strip, now it's a card held up to a reader on the wall. A large percentage of these will have Mifare technology and are very vulnerable to attack. They should all be replaced."

The Dutch government is already taking that advice. A ministry official told the Times that the government is replacing the cards of all 120,000 civil servants at central government level. A spokesperson for the London transit system downplayed the importance of Dr. Jacobs' experiment and told the Times, "This was not a hack of the Oyster system. It was a single instance of a card being manipulated."

The Mifare Classic is produced by NXP Semiconductors, a company based in the Netherlands. The encryption used in the cards has been shown to be broken. Newer Mifare cards, however, are more secure, but the Classic version remains popular, with over 500 million cards in use worldwide.

In the United States, Boston's Charlie transit card is based on the Mifare Classic technology. Mifare Classic is also used for transit systems or worker access in Hong Kong, Beijing, Madrid, Bangkok, and New Delhi.

Topics:
Security
Tags:
security,
Mifare,
Oyster card,
London,
transit card,
Adam Laurie,
Dr Bart Jacobs,
Radboud University
Share:
Digg
Del.icio.us
Reddit
  • prev
  • 1
  • next
advertisement

Inside the Apple, er, Microsoft Store

Although Redmond's foray into retail bears a big resemblance to Apple's approach, Microsoft has added some distinctive features to draw casual PC buyers and techies alike.

Big marketing budget drives Moto Droid sales

Verizon and Motorola are spending big bucks--$100 million--on marketing the new smartphone, and it looks like it will pay off with 1 million devices sold by year's end.

About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.

Add this feed to your online news reader

Defense in Depth topics

Most Discussed



advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET