Court rules Oyster hack can be revealed - HotUKDeals
We use cookie files to improve site functionality and personalisation. By continuing to use HUKD, you accept our cookie and privacy policy.
Get the HUKD app free at Google Play

Search Error

An error occurred when searching, please try again!

Login / Sign UpSubmit

Court rules Oyster hack can be revealed

spobby Avatar
8y, 4m agoPosted 8 years, 4 months ago
A Dutch judge has ruled that researchers can publish details of how to crack the oyster card used on Londons public transport system. NXP, which makes the oyster card, had taken out an injunction to stop Professor Bart Jacobs and colleagues from Radboud University in Nijmegen from publishing their research into the security flaws in the Oyster card.

The university welcomed the ruling, saying "...in a democratic society it is of great importance that the results of scientific research can be published". NXP is arguing that it will take months before it finds out a way to fix the flaw that allows the cards to be cloned. It has reportedly said that publishing the detailed research will serve no useful purpose.


Sources :
http://www.vnunet.com/vnunet/news/2222161/court-rules-oyster-hack

http://neowin.net/news/main/08/07/22/court-rules-oyster-hack-can-be-revealed
spobby Avatar
8y, 4m agoPosted 8 years, 4 months ago
Options

All Comments

(19) Jump to unreadPost a comment
Comments/page:
#1
well it was always gonna leave a salty taste in one's mouth somehow.
#2
Alfonse;2584126
well it was always gonna leave a salty taste in one's mouth somehow.


:o
#3
Old news. :p
#4
Alfonse
well it was always gonna leave a salty taste in one's mouth somehow.


lol
#5
emasu
:o


OYSTER get it LOL
#6
rob585;2584140
OYSTER get it LOL


I was gonna say "That's what i often tell my girlfriend" but thought i better not :(
banned#7
emasu
I was gonna say "That's what i often tell my girlfriend" but thought i better not :(


:giggle:
#8
emasu
I was gonna say "That's what i often tell my girlfriend" but thought i better not :(


excellent reply....:thumbsup:
#9
emasu
I was gonna say "That's what i often tell my girlfriend" but thought i better not :(


Pfft. You don't have a girlfriend...
#10
rob585
excellent reply....:thumbsup:


Touché.

duckmagicuk2
Pfft. You don't have a girlfriend...
banned#11
emasu;2584154
I was gonna say "That's what i often tell my girlfriend" but thought i better not :(


Yeah, not point telling lies about having a Girlfriend :thumbsup:
#12
so ... where's the published material ? not that anything can be done if your card is not cloned but isnt this what hacks get paid to do, to hack into own system to test its failsafe features.
#13
kippy
so ... where's the published material ? not that anything can be done if your card is not cloned but isnt this what hacks get paid to do, to hack into own system to test its failsafe features.


They've not been paid to do it!! And it's not their own system!! That's the whole point.

They're a group of researchers at a university. They found the "hack" as a part of their research, and decided to send their findings to the company who make the cards so that they could fix the system (as you say should happen).

Instead of fixing their system, the company simply tried to prevent the details from being published. The researches have had this over-turned in court. They intended to give the company plenty of warning, but the company threw it back in their faces so the report will be published in October.

:thumbsup:
#14
thanks for the explanation. wow i wasnt aware of the news story but yes, it sounds like the company is in denial for getting all these major city contracts and prefering not to go the extra mile to ensure the system's fixed! my first thought is ... are londoners going to have to fork out more AGAIN for this fix, not that we have a choice really ...
#15
kippy
thanks for the explanation. wow i wasnt aware of the news story but yes, it sounds like the company is in denial for getting all these major city contracts and prefering not to go the extra mile to ensure the system's fixed! my first thought is ... are londoners going to have to fork out more AGAIN for this fix, not that we have a choice really ...


I'd guess it'd be upto the company who installed the systems to foot the bill, as they've provided a service to the government (almost certainly agreeing to a strict contract with all sorts of penalties), who have paid for the service in the good faith that the system works.

If the system they have provided doesn't live upto its requirements then I suppose they'll either have to fix it or pay some sort of fine. I'd guess they'd go with fix it (and sharpish) as it'd be a big contract to lose.
#16
Yeah if anyone doesn't already know, when topping up an Oyster via a debit card, just hold down 9 and "Ok" (sometimes "Enter" or similar), type the last 4 digits of your card number then 6969, wait for the error screen and type 845 - you'll have £2.50 instantly added. You can do this as many times as you desire and your card will NOT be read by the machine as long as you don't enter your PIN and can't be linked back to you.

Works 110% - been using this method to travel to/from work for months now.

EDIT: Sorry, another useful bit of info: If you have one of the 'newer' cards and this doesn't work for you, you may have to enter your PIN incorrectly 3 or 4 times in order for it to reject your card, then you go on as normal.
#17
kippy
thanks for the explanation. wow i wasnt aware of the news story but yes, it sounds like the company is in denial for getting all these major city contracts and prefering not to go the extra mile to ensure the system's fixed! my first thought is ... are londoners going to have to fork out more AGAIN for this fix, not that we have a choice really ...


Check Fujitsu and the NHS then, if that winds you up...:x
#18
As the article says though, the reason why this thing SHOULD be published is because the chances are that there's already people cloning cards un-noticed using this method... and publishing this would force the company to close the gap to these people as well.
#19
the judge is wise ... now where's the nearest oyster topup station to me, and where is that spare free oyster card ...

Post a Comment

You don't need an account to leave a comment. Just enter your email address. We'll keep it private.

...OR log in with your social account

...OR comment using your social account

Thanks for your comment! Keep it up!
We just need to have a quick look and it will be live soon.
The community is happy to hear your opinion! Keep contributing!