
    Court rules Oyster hack can be revealed

    A Dutch judge has ruled that researchers can publish details of how to crack the Oyster card used on London's public transport system. NXP, which makes the Oyster card, had taken out an injunction to stop Professor Bart Jacobs and colleagues from Radboud University in Nijmegen from publishing their research into the security flaws in the Oyster card.

    The university welcomed the ruling, saying "...in a democratic society it is of great importance that the results of scientific research can be published". NXP is arguing that it will take months before it finds out a way to fix the flaw that allows the cards to be cloned. It has reportedly said that publishing the detailed research will serve no useful purpose.


    Sources :
    vnunet.com/vnu…ack

    neowin.net/new…led

    19 Comments

    well it was always gonna leave a salty taste in one's mouth somehow.

    Alfonse;2584126

    well it was always gonna leave a salty taste in one's mouth somehow.



    Old news.

    Alfonse;2584126

    well it was always gonna leave a salty taste in one's mouth somehow.



    lol

    emasu;2584133



    OYSTER get it LOL

    rob585;2584140

    OYSTER get it LOL



    I was gonna say "That's what i often tell my girlfriend" but thought i better not

    Banned

    emasu;2584154

    I was gonna say "That's what i often tell my girlfriend" but thought i better not



    :giggle:

    emasu;2584154

    I was gonna say "That's what i often tell my girlfriend" but thought i better not



    excellent reply....:thumbsup:

    emasu;2584154

    I was gonna say "That's what i often tell my girlfriend" but thought i better not



    Pfft. You don't have a girlfriend...

    rob585;2584174

    excellent reply....:thumbsup:



    Touché.

    duckmagicuk2;2584177

    Pfft. You don't have a girlfriend...

    Banned

    emasu;2584154

    I was gonna say "That's what i often tell my girlfriend" but thought i better not



    Yeah, no point telling lies about having a Girlfriend :thumbsup:

    so ... where's the published material ? not that anything can be done if your card is not cloned but isn't this what hacks get paid to do, to hack into own system to test its failsafe features.

    kippy;2584306

    so ... where's the published material ? not that anything can be done if your card is not cloned but isn't this what hacks get paid to do, to hack into own system to test its failsafe features.



    They've not been paid to do it!! And it's not their own system!! That's the whole point.

    They're a group of researchers at a university. They found the "hack" as a part of their research, and decided to send their findings to the company who make the cards so that they could fix the system (as you say should happen).

    Instead of fixing their system, the company simply tried to prevent the details from being published. The researchers have had this overturned in court. They intended to give the company plenty of warning, but the company threw it back in their faces so the report will be published in October.

    :thumbsup:

    thanks for the explanation. wow i wasn't aware of the news story but yes, it sounds like the company is in denial for getting all these major city contracts and preferring not to go the extra mile to ensure the system's fixed! my first thought is ... are londoners going to have to fork out more AGAIN for this fix, not that we have a choice really ...

    kippy;2584447

    thanks for the explanation. wow i wasn't aware of the news story but yes, it sounds like the company is in denial for getting all these major city contracts and preferring not to go the extra mile to ensure the system's fixed! my first thought is ... are londoners going to have to fork out more AGAIN for this fix, not that we have a choice really ...



    I'd guess it'd be up to the company who installed the systems to foot the bill, as they've provided a service to the government (almost certainly agreeing to a strict contract with all sorts of penalties), who have paid for the service in the good faith that the system works.

    If the system they have provided doesn't live up to its requirements then I suppose they'll either have to fix it or pay some sort of fine. I'd guess they'd go with fix it (and sharpish) as it'd be a big contract to lose.

    Yeah if anyone doesn't already know, when topping up an Oyster via a debit card, just hold down 9 and "Ok" (sometimes "Enter" or similar), type the last 4 digits of your card number then 6969, wait for the error screen and type 845 - you'll have £2.50 instantly added. You can do this as many times as you desire and your card will NOT be read by the machine as long as you don't enter your PIN and can't be linked back to you.

    Works 110% - been using this method to travel to/from work for months now.

    EDIT: Sorry, another useful bit of info: If you have one of the 'newer' cards and this doesn't work for you, you may have to enter your PIN incorrectly 3 or 4 times in order for it to reject your card, then you go on as normal.

    kippy;2584447

    thanks for the explanation. wow i wasn't aware of the news story but yes, it sounds like the company is in denial for getting all these major city contracts and preferring not to go the extra mile to ensure the system's fixed! my first thought is ... are londoners going to have to fork out more AGAIN for this fix, not that we have a choice really ...



    Check Fujitsu and the NHS then, if that winds you up...:x

    As the article says though, the reason why this thing SHOULD be published is because the chances are that there's already people cloning cards un-noticed using this method... and publishing this would force the company to close the gap to these people as well.

    the judge is wise ... now where's the nearest oyster topup station to me, and where is that spare free oyster card ...