This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Oyster card hackers may have their research blocked

Share this article:
Dutch academics who visited London to break the cryptography behind the Oyster card may have their work on the subject blocked by the country's Government.

Dutch secretary of state Tineke Huizinga urged Bart Jacobs and Wouter Teepe not to publish any secrets of their hack that may lead to smartcard systems being abused.

The duo, from Radboud University in Nijmegen, had planned to publish a paper on the subject at the Esorics security conference in October.

The Dutch Government was going to introduce a smartcard payments system based on the same chip as Oyster, called Mifare. But it postponed the 1bn euro project earlier this year after Jacobs and Teepe revealed they could carry out the hack.

Jacobs defended his research. Quoted in the Dutch ICT publication WebWereld, he said he was providing mathematical analysis and not attack code. "It requires a lot of expert work to transform the analysis from the Esorics paper into a working device for performing attacks on card installations," he said.

He added that other groups may have written tools to carry out such an attack and distributed them on the internet. He could offer no additional comment at the time of writing.

Academics from University College London have also broken the Mifare cipher. UCL's Nicolas Courtois said he could carry out his attack in just 12 seconds.

Transport for London maintains that making a clone of an Oyster card is illegal.
Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

GCHQ 'spied on Germany's Deutsche Telekom'; Germans sell spyware

GCHQ 'spied on Germany's Deutsche Telekom'; Germans sell ...

UK and US spies reported to spy on Deutsche Telekom in Snowden documents, while Germany's FinFisher accused of supplying surveillance software to repressive regimes.

Amazon's £600m Twitch gaming site hit by malware

Amazon's £600m Twitch gaming site hit by malware

The Twitch.tv online gaming platform, which is now owned by Amazon and has more than 55 million monthly viewers, has been infected with malware that spends users' money without their ...

China's cyber spying 'production line' approach no game for amateurs

China's cyber spying 'production line' approach no game ...

Chinese cyber-spying production line shares tools and tactics between different groups suggesting cooperation or at least similar training.