On 29 May, 16:20, Frobinrobin wrote:
To be honest, my opinion is ANY wireless technology is a security hole.

According to wikipedia Oyster uses the MIFARE standard 1K chips in the
cards:

"The MIFARE Standard 1k offers about 768 bytes of data storage, split
into 16 sectors; each sector is protected by two different keys,
called A and B. They can be programmed for operations like reading,
writing, increasing value blocks, etc.). MIFARE Standard 4k offers 3
kB split into 64 sectors."

http://en.wikipedia.org/wiki/MIFARE

Not sure if those A& B keys mean theres a public private key system
(though I'm not sure how that would work in the case of a smartcard
which has to give full read & write access to the reader to be of any
use) or the keys perform seperate tasks, eg Key A is used just encode
& decode the pay as you go money amount and key B everything else or
some variation on that theme, and I guess these must either be
standard keys used for all cards or TfL has a central database of
card IDs linked to specific keys for each card and if the card ID
isn't in there it can't be used. If its the former then the system
looks wide open to abuse.

B2003