View Single Post
  #12   Report Post  
Old July 22nd 08, 05:18 PM posted to uk.transport.london
tim..... tim..... is offline
external usenet poster
 
First recorded activity at LondonBanter: Dec 2006
Posts: 836
Default Oyster card hack


wrote in message
...
On Jul 22, 9:40 am, wrote:
On Jul 21, 6:25 pm, Tom Barry wrote:

Adrian wrote:
"Batman55" gurgled happily, sounding much
like
they were saying:


"Details of how to copy the Oyster cards used on London's transport
network can be published, a Dutch judge has ruled. "


Seehttp://news.bbc.co.uk/1/hi/technology/7516869.stmMaxB


And quite right too. Security by obscurity is a laughable farce.


Indeed. What NXP were trying to do smacks of claiming you can walk
safely off Beachy Head after banning the teaching of the Theory of
Gravity.


I notice LUL are still claiming Oyster security is perfectly ok. Do
they live in a parallel universe or something?
The sooner this whole Oyster card b0ll0cks is blown apart the better ,
then we can get back to normal tickets without any you-forgot-to-touch-
out scams.

We don't know what the technique is yet.


Given that the Oyster central database knows how much money you have on you
card, I assume that it's going to work by adding more virtual money to the
card, but not to the database. This will enable you to use the card for
journeys on a part of the system that is not permanently online (which I
guess means only buses).

ISTM that this will only work until the remote machine syncs up with the
central database, when the fraud will be recognised, the card blocked and
the journey analysed to see if there are people making the same journey on
hacked cards.

Methinks no-one will get away using a hacked card for long enough before
they are nabbed, for it to be worth the criminal penalty that they will
receive.

BICBW


tim