Thread: Have Oyster cards been hacked yet?
View Single Post
  #4   Report Post  
Old May 29th 07, 03:41 PM posted to uk.transport.london
Boltar Boltar is offline
external usenet poster
  
First recorded activity at LondonBanter: Jul 2003
Posts: 1,346
Default Have Oyster cards been hacked yet?
On 29 May, 16:20, Frobinrobin wrote:
To be honest, my opinion is ANY wireless technology is a security hole.

According to wikipedia Oyster uses the MIFARE standard 1K chips in the
cards:

"The MIFARE Standard 1k offers about 768 bytes of data storage, split
into 16 sectors; each sector is protected by two different keys,
called A and B. They can be programmed for operations like reading,
writing, increasing value blocks, etc.). MIFARE Standard 4k offers 3
kB split into 64 sectors."

http://en.wikipedia.org/wiki/MIFARE

Not sure if those A& B keys mean theres a public private key system
(though I'm not sure how that would work in the case of a smartcard
which has to give full read & write access to the reader to be of any
use) or the keys perform seperate tasks, eg Key A is used just encode
& decode the pay as you go money amount and key B everything else or
some variation on that theme, and I guess these must either be
standard keys used for all cards or TfL has a central database of
card IDs linked to specific keys for each card and if the card ID
isn't in there it can't be used. If its the former then the system
looks wide open to abuse.

B2003

Reply With QuoteReply With Quote