Thread: Oyster card hack
View Single Post
  #17   Report Post  
Old July 22nd 08, 08:28 PM posted to uk.transport.london
Tim Woodall Tim Woodall is offline
external usenet poster
  
First recorded activity at LondonBanter: Aug 2006
Posts: 112
Default Oyster card hack
On Tue, 22 Jul 2008 18:18:08 +0100,
tim..... wrote:

Methinks no-one will get away using a hacked card for long enough before
they are nabbed, for it to be worth the criminal penalty that they will
receive.

I agree. There's "pickpocketing" a card as someone exits the gate.
But it's still not going to work very well if the "pickpocket" makes a
regular journey. It might take a couple of weeks rather than a couple of
days before red flags come up. And it seems unlikely that any casual
user is going to go to all the trouble to save a few pounds - they're
far more likely just to sneak through the gates behind someone else.

Then there's sharing a card to only have one cap. But I wonder how many
people are going to make a journey, then phone their accomplice "Ok, I'm
out. Now you make the journey." It's the sort of thing some university
students might do to prove it can be done but it seems unlikely there
are many other people who will bother. (It would already probably be
possible to do this where there's mobile reception - person 1 makes the
journey as normal. Then then have a laptop with 3G modem and card
transponder. Other person also has a card transponder also wired up to a
laptop. Second person touches with transponder - data is transmitted
from laptop to laptop and the signals replayed to the card. If you were
really careful you might even be able to fool a train inspector with
this technique on the overground.)

Perhaps the biggest threat is from the people who enter at an ungated,
distant station and have a zone 1&2 travelcard. Currently they can just
"forget" to touch out - I don't know what systems are in place to detect
that - but now they can potentially have a fake card that appears to
have a valid touch in if they are inspected on the train. (And is there
anywhere in Z1&2 where you can enter or exit without going through a
gateline? That would be an obvious way to detect cards being used like
this if every Z1&2 station has a gateline)

I suppose the other possibility is to have two fake cards, put a few
(fake) pounds on each, touch in on one and out on the other. (maybe even
have a fake entry on the "out" card). That way, if the system spots the
fake entry while you're travelling it can't block the card before
attempting to exit with it because it will never be used again. But
again, you'd better not have a regular journey doing this because it's
still going to be noticed, just not necessarily easy to automatically
block.


Tim.

--
God said, "div D = rho, div B = 0, curl E = - @B/@t, curl H = J + @D/@t,"
and there was light.

http://www.woodall.me.uk/ http://www.locofungus.btinternet.co.uk/
Reply With QuoteReply With Quote