July 22nd 08, 09:24 AM posted to uk.transport.london
google@woodall.me.uk[_2_]
Oyster card hack

On Jul 22, 9:40 am, wrote:
On Jul 21, 6:25 pm, Tom Barry wrote:

Adrian wrote:
"Batman55" gurgled happily, sounding much like
they were saying:


"Details of how to copy the Oyster cards used on London's transport
network can be published, a Dutch judge has ruled. "


See http://news.bbc.co.uk/1/hi/technology/7516869.stm

MaxB


And quite right too. Security by obscurity is a laughable farce.


Indeed. What NXP were trying to do smacks of claiming you can walk
safely off Beachy Head after banning the teaching of the Theory of Gravity.


I notice LUL are still claiming Oyster security is perfectly ok. Do
they live in a parallel universe or something?
The sooner this whole Oyster card b0ll0cks is blown apart the better,
then we can get back to normal tickets without any
you-forgot-to-touch-out scams.

We don't know what the technique is yet. But assuming TfL have cameras
watching all the gates and centralized instant access to every card
being used then it's not going to be too easy to exploit even if
cloning the card is as simple as running it through a photocopier.

The easiest exploit is going to be when a few people get together to
exploit the cap. Assuming that only one person uses the card at a time
then AFAIAA technically they're not breaking the rules so long as they
actually exchange the card. Cloning allows them to skip the need to
physically swap the card but can be detected if the card is used at
two remote stations too quickly.

I don't know if weekly travelcards need photo ID as well. If not then
that's potentially another exploit for people who travel between
ungated stations. Because it's not necessary to touch in/touch out
with a travelcard, the chance of both clones getting inspected close
enough in time to detect a duplication is probably minimal. Of course,
the obvious initial step to stop this will be to make it a requirement
for travelcard holders to touch in and touch out - although I believe
there are still some stations where this isn't possible there are
going to be few journeys where it can't happen at either end.

It's also possible that the central computer can detect a card being
used that has a "missing" journey on it - I'm not sure how much
information is recorded on the card - which would make using even a
cloned, capped, PAYG stick out like a sore thumb.

The other attack is to clone someone's card as they exit the tube -
shouldn't be too hard to scan their card if, like me, they just stick
it in their trouser pocket and the area is crowded enough. If it's
then trivial to clone that info onto another card then someone could
make a free journey with no flags showing. It would be the innocent
cardholder who would get flagged. But again, such an attack is going
to show up on CCTV eventually and it's going to involve at the very
least people wandering around with laptops to read and reprogram cards
and I don't see it as being a significant revenue risk to TfL -
although it could be a significant risk to users if they're one of the
unlucky ones whose card gets cloned. Expect wallets with tinfoil so
you have to open the wallet to let the card be read if this sort of
attack looks like it might be happening.

Tim.
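
The two back-office checks the post speculates about (a card seen at two remote stations too quickly, and a card whose tap history has a gap) can be sketched as follows. This is an added example, not part of the original post and not TfL's actual system; the event format, station codes and travel-time table are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed minimum plausible travel times in minutes (hypothetical values).
MIN_TRAVEL = {
    frozenset(("STN_A", "STN_B")): 25,
    frozenset(("STN_A", "STN_C")): 40,
    frozenset(("STN_B", "STN_C")): 15,
}

# Constructed tap log: (card_id, ISO timestamp, station, action).
SAMPLE_TAPS = [
    ("card-1", "2008-07-22T08:00:00", "STN_A", "in"),
    ("card-1", "2008-07-22T08:30:00", "STN_B", "out"),
    ("card-2", "2008-07-22T08:00:00", "STN_A", "in"),
    ("card-2", "2008-07-22T08:05:00", "STN_C", "in"),   # second copy, far away
    ("card-2", "2008-07-22T08:28:00", "STN_B", "out"),
    ("card-2", "2008-07-22T09:00:00", "STN_A", "out"),  # out with no matching in
]

def find_clone_indicators(taps):
    """Return (card_id, reason, timestamp) alerts for suspicious tap pairs."""
    alerts = []
    last = {}  # card_id -> (time, station, action) of the previous tap
    for card, ts, station, action in sorted(taps, key=lambda t: (t[0], t[1])):
        when = datetime.fromisoformat(ts)
        if card in last:
            p_when, p_station, p_action = last[card]
            # Check 1: two different stations reached faster than is possible.
            need = MIN_TRAVEL.get(frozenset((p_station, station)))
            if need is not None and when - p_when < timedelta(minutes=need):
                alerts.append((card, "impossible_travel", ts))
            # Check 2: in/in or out/out means a tap is missing from the record.
            if p_action == action:
                alerts.append((card, "sequence_gap", ts))
        last[card] = (when, station, action)
    return alerts

if __name__ == "__main__":
    for alert in find_clone_indicators(SAMPLE_TAPS):
        print(alert)
```

A forgotten touch-out by a legitimate holder also produces a `sequence_gap`, so that alert on its own is a prompt for review; the two signals together on one card are the stronger indicator of a duplicate.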