Academics hack London's transport payment system

Generic News 1994 Published by

A computer hack that makes it possible to defraud London's transport payment system can be made public, according to a court ruling in the Netherlands.

Researchers at the Radboud University in Nijmegen planned to publish details in October on how to hack a chip used in millions of electronic passes for entering buildings and public transport systems, including London's.

The chip is used in the city's Oyster cards that are used to pay for journeys by pressing them against a card reader at the beginning and, sometimes the end of journeys.

But the chip's manufacturer, NXP based in the Netherlands, argued that it would make it easy for criminals to break into security systems and commit fraud on public transport systems.

Prior warning

NXP, founded by electronics company Philips, fears substantial damage and security risks for its clients worldwide, the court in Arnhem in the east of the Netherlands said.

But the court ruled that the university's right to publish was part of the freedom of speech and that the publication of scientific research on the chip's faults could help to take appropriate countermeasures.

"Damage to NXP is not the result of the publication of the article, but of the production and sale of a chip that appears to have shortcomings," the court said.

The university had first informed the Dutch government and NXP in March that it had developed a method to crack NXP's Mifare Classic chip with widely available commercial components and at low cost, but delayed publication of details.

'Damage to customers'

Christophe Duverne, a senior vice president at NXP, said it would take months or even years for some users of the chip to adapt their systems, and that the publication was therefore different from software hacks for which manufacturers can issue a patch much more quickly.

"What we are doing is defending our customers," Duverne said.

"We don't mind them publishing the effects of what they have discovered to inform society, I think this is absolutely fine, but disclosing things in detail including the algorithm ... is not going to benefit society, it will create damage to society."

A spokesman for the university did not want to discuss consequences for the chip's users.

Transport for London, which runs London's public transport system, had no immediate comment.



Academics hack London's transport payment system


Share this content
Twitter Facebook Reddit WhatsApp Email Print