London Transport (uk.transport.london): Discussion of all forms of transport in London.
#1
I'm not sure how hard or not it would be to do. I'm presuming it uses some form of encryption, though given any reader can show you how much you have left and where you've been then there's either some basic system-wide common key encryption going on or none at all, which makes me wonder how easy it would be to extract the details if you had a suitable reader yourself or even up the amount of cash on a pre-pay. Apparently the MIFARE system can work at much greater ranges than the one TfL uses so I'm also wondering if it would be possible to grab details from travellers as they walk past an office building and so forth. Anyone heard any rumours of anything like this happening?

B2003
#2
On 29 May, 15:43, Boltar wrote:
> I'm not sure how hard or not it would be to do. I'm presuming it uses some form of encryption, though given any reader can show you how much you have left and where you've been then there's either some basic system-wide common key encryption going on or none at all, which makes me wonder how easy it would be to extract the details if you had a suitable reader yourself or even up the amount of cash on a pre-pay. Apparently the MIFARE system can work at much greater ranges than the one TfL uses so I'm also wondering if it would be possible to grab details from travellers as they walk past an office building and so forth. Anyone heard any rumours of anything like this happening?
>
> B2003

I've not heard of any rumours about this and I doubt anyone of knowledge would share it but I'm fairly confident that TfL has factored in the insecurity of Oyster. I read some interesting things about RFID and my opinion is that it's just not safe, I would not put sensitive data Oyster Card uses RFID technology (Radio Frequency IDentification) so the signal can be `easily` read, decrypting the signal may be significantly harder but let's be honest even the most secure since when has that stopped hackers.
#3
On 29 May, 15:43, Boltar wrote:
> I'm not sure how hard or not it would be to do. I'm presuming it uses some form of encryption, though given any reader can show you how much you have left and where you've been then there's either some basic system-wide common key encryption going on or none at all, which makes me wonder how easy it would be to extract the details if you had a suitable reader yourself or even up the amount of cash on a pre-pay. Apparently the MIFARE system can work at much greater ranges than the one TfL uses so I'm also wondering if it would be possible to grab details from travellers as they walk past an office building and so forth. Anyone heard any rumours of anything like this happening?
>
> B2003

Hi B2003,

I replied but I pressed submit accidentally so ignore any other response I have made.

I've read some interesting things about RFID (Radio Frequency IDentification) that would suggest RFID is not 100% secure and "could" be hacked (http://www.doxpara.com/read.php/security/rfid.html). I'd expect that TfL have used any security available because it protects their all-important revenue. That said, this sort of theft would go unnoticed unless the thief tried to use the card in the same station and at the time period as the victim, and they would hardly get noticed either.

To be honest, my opinion is ANY wireless technology is a security hole.
#4
On 29 May, 16:20, Frobinrobin wrote:
> To be honest, my opinion is ANY wireless technology is a security hole.

According to wikipedia Oyster uses the MIFARE standard 1K chips in the cards:

"The MIFARE Standard 1k offers about 768 bytes of data storage, split into 16 sectors; each sector is protected by two different keys, called A and B. They can be programmed for operations like reading, writing, increasing value blocks, etc.). MIFARE Standard 4k offers 3 kB split into 64 sectors."

http://en.wikipedia.org/wiki/MIFARE

Not sure if those A & B keys mean there's a public private key system (though I'm not sure how that would work in the case of a smartcard which has to give full read & write access to the reader to be of any use) or the keys perform separate tasks, eg Key A is used just to encode & decode the pay as you go money amount and key B everything else or some variation on that theme, and I guess these must either be standard keys used for all cards or TfL has a central database of card IDs linked to specific keys for each card and if the card ID isn't in there it can't be used. If it's the former then the system looks wide open to abuse.

B2003
#5
On 29 May 2007 08:41:16 -0700, Boltar wrote:
> Not sure if those A & B keys mean there's a public private key system (though I'm not sure how that would work in the case of a smartcard which has to give full read & write access to the reader to be of any use) or the keys perform separate tasks, eg Key A is used just to encode & decode the pay as you go money amount and key B everything else or some variation on that theme, and I guess these must either be standard keys used for all cards or TfL has a central database of card IDs linked to specific keys for each card and if the card ID isn't in there it can't be used. If it's the former then the system looks wide open to abuse.

I don't know TfL's implementation but normally mifare is set up with one side as security and the other side for vending, I guess they have made this split for travelcards and top up. The basic idea is that the key of each card is unique, and is held in the non-EEPROM side of the card making it harder to duplicate.

I would expect the basic level of security is that if the "same" card is used a distance apart at the same time then that id is blocked, this couldn't really be realtime and would need to be done overnight. They could have put more security in the datablock regarding the id, but I doubt it, better to put it around the travel cards and the cash amount.

This will be hacked eventually, but the hard part is not getting caught. Duplicates and cards with false cash/travelcards will be easy to spot, and setting the gate to light up like a xmas tree when it's used won't be hard!

Steve
#6
On 30 May, 08:24, Steve wrote:
> I would expect the basic level of security is that if the "same" card is used a distance apart at the same time then that id is blocked, this couldn't really be realtime and would need to be done overnight. They could have put more security in the datablock regarding the id, but I doubt it, better to put it around the travel cards and the cash amount.

I suspect the pay as you go side would be most attractive to criminals. They could just buy the cards as normal from ticket offices, hack them and just put whatever amount of money they felt like on the cards then sold them at much less than face value they could make quite a few quid. Thinking about it, monthly or yearly cards would probably be nice little earners too.

> This will be hacked eventually, but the hard part is not getting caught. Duplicates and cards with false cash/travelcards will be easy to spot, and

Duplicates you could spot, not sure how you'd spot the fake balance or period unless the gate communicates with a database containing that info for every ticket which I don't think it does. However even duplicate id issues could be bypassed if you could update its software - just use a rolling id system. Each time the card is used it rolls over to another (hopefully valid) id. So if the gate won't let you out first time just keep trying.

B2003
#7
On 30 May 2007 01:30:27 -0700, Boltar wrote:
> > This will be hacked eventually, but the hard part is not getting caught. Duplicates and cards with false cash/travelcards will be easy to spot, and
>
> Duplicates you could spot, not sure how you'd spot the fake balance or period unless the gate communicates with a database containing that info for every ticket which I don't think it does.

The fake balance would be easy to spot overnight when the transactions are balanced together, but that would give the user a free day. I don't know if the main tube readers are linked to the main system, they could be, but the extra cost of handling a fast transactional system vs a nightly batch system might not make it worthwhile.

Of course in commercial use the doors are normally linked to a digital video system, so everyone using a door is recorded on camera. Think of the fun Big Brother could have using that system on the tube!

> However even duplicate id issues could be bypassed if you could update its software - just use a rolling id system. Each time the card is used it rolls over to another (hopefully valid) id. So if the gate won't let you out first time just keep trying.

I was thinking of that, a pocket scanner/writer that keeps pulling the IDs from other cards and updating your one with them, mifare has a range of several feet so it's possible. That would be a clever hack. Still, having heard about the roulette wheel laser scanner, I wouldn't rule it out.

Steve
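
The overnight checks discussed in posts #5 and #7 (the same card ID seen too far apart in too short a time, and on-card balances that do not reconcile with recorded transactions) can be sketched as a nightly batch job. This is an added example, not part of the thread and not TfL's system; the record layout, the 10-minute threshold, the sample data and all names are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample gate log:
# (card_id, time, station, kind, amount_pence, balance_read_from_card_pence)
TAPS = [
    ("C001", "2007-05-30 08:00", "Brixton", "topup", 1000, 1000),
    ("C001", "2007-05-30 08:05", "Brixton", "fare", -150, 850),
    ("C001", "2007-05-30 17:30", "Oxford Circus", "fare", -150, 700),
    ("C002", "2007-05-30 08:10", "Stratford", "topup", 500, 500),
    ("C002", "2007-05-30 08:12", "Stratford", "fare", -150, 350),
    ("C002", "2007-05-30 08:15", "Heathrow", "fare", -150, 200),  # duplicate ID in use
    ("C003", "2007-05-30 09:00", "Camden Town", "topup", 500, 500),
    ("C003", "2007-05-30 09:30", "Bank", "fare", -150, 9850),     # balance altered on card
]

def nightly_hotlist(taps, opening=None, min_transit=timedelta(minutes=10)):
    """Return {card_id: [reasons]} for IDs to block at the next gate update.

    opening: back-office balance per card at start of day (assumed 0 if absent).
    min_transit: assumed shortest plausible time between two different
    stations; a real system would use a station-pair table.
    """
    opening = opening or {}
    by_card = defaultdict(list)
    for card, ts, station, _kind, amount, on_card in taps:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        by_card[card].append((when, station, amount, on_card))

    hotlist = {}
    for card, events in by_card.items():
        events.sort()  # chronological order per card
        reasons, ledger, prev = set(), opening.get(card, 0), None
        for when, station, amount, on_card in events:
            ledger += amount  # balance the back office expects
            if on_card != ledger:
                reasons.add("balance mismatch")
            if prev and station != prev[1] and when - prev[0] < min_transit:
                reasons.add("impossible travel")
            prev = (when, station)
        if reasons:
            hotlist[card] = sorted(reasons)
    return hotlist

if __name__ == "__main__":
    for card, why in nightly_hotlist(TAPS).items():
        print(card, why)
```

Because the job runs after the day's taps are collected, a flagged card still works until the hotlist reaches the gates, which is the "free day" mentioned in post #7.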