An injunction by NXP Semiconductors failed to prevent the publication on Monday of a report by Professor Bart Jacobs of the Radboud University in Holland about a security vulnerability of the widely used Mifare Classic RFID chip, which is at the core of London Underground's Oyster Card.
The root of the problem could be found in the proprietary encryption used by Mifare - which is present in 2 billion RFID cards worldwide - that was found to be particularly easy to guess using an RFID reader and a desktop computer.
The complete document, which Professor Jacobs said was not a guidebook for attacks, was released at the European Symposium on Research in Computer Security (Esorics) 2008 security conference held in Spain after a delay of seven months.
The legal injunction sought by NXP Semiconductors allowed its customers to modify their systems accordingly and a spokesperson for Transport for London told the BBC that the organisation has introduced a number of measures to make sure that using cloned Oyster Cards is next to impossible.
Still, the fact that the flaw has been made public could mean that criminals now know where to look and with the cost of transport soaring (Travelcards can cost more than £170 per month), fake tickets and oyster cards could unfortunately become more common.
Have you read these related articles?
Newsletter:
