Hacked Oyster Card System Crashes Again

Posted by kdawson on Fri Jul 25, 2008 08:54 AM
from the no-pearls-in-sight dept.
Barence sends along PcPro coverage of the second crash of London's Oyster card billing system in two weeks. Transport for London was forced to open the gates and allow free travel for all. "There is currently a technical problem with Oyster readers at London Underground stations which is affecting Oyster pay as you go cards only," explains the TfL website. This follows the first crash two weeks ago, which left 65,000 Oyster cards permanently corrupted. Speculation is increasing that the crashes may be related to the hacking of the Oyster card system by Dutch researchers from Radboud University, though TfL denies any link. Plans to publish details of the hack were briefly halted when the makers of the chip used in the system sued the group, although a judge ruled earlier this week that the researchers could go ahead. During the court action, details briefly leaked on website Wikileaks.

Related Stories

IT: Oyster Card Hack To Be Released, In Good Time (246 comments)
DangerFace writes "A little while ago some Dutch researchers cracked the Oyster card, meaning they could get free public transport around London. The company that makes the cards, NXP, sought and got an injunction to stop the exploit being published, but that has now been overruled by a Dutch judge. The lovely Dutch blokes are holding off from releasing the hack for the time being, to give NXP time to secure their systems."
Your Rights Online: Massachusetts Sues to Halt Defcon Subway Hacking Talk (270 comments)
According to CNET, "The state of Massachusetts has asked a federal judge for a temporary restraining order preventing three MIT students from giving a presentation on Sunday about hacking smartcards used in the Boston subway system." It'll be interesting to see whether Dutch-style openness or Soviet-style secrecy prevails in Las Vegas. Update: 08/09 20:57 GMT by T : "Too late," says reader Bluey: "Injunction was already granted."
Technology: London's Oystercard Gets New Contract, But Same Suppliers (115 comments)
nk497 writes "Over the summer, the London travelcard ticketing system — called Oyster — fell over twice, forcing the transport authority to offer free travel to the six million Londoners using the system. After that, it cut its contract with the supplier of the system, a consortium called TranSys. But now, Transport for London has signed a new contract to replace the TranSys one — with the same two companies that made up the TranSys consortium. Sure, that should fix everything."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • It's not been hacked (Score:5, Informative)

    by Jellybob (597204) on Friday July 25, @08:59AM (#24334141) Journal

    According to The Guardian (http://www.guardian.co.uk/uk/2008/jul/25/london.transport) it's because Transys, who the Oyster system is contracted out to, are sending incorrect data.

    I'll admit, when I got to the underground station this morning to hear about an "Oyster card problem" which meant that all the gates were open, my first thought was that someone had used the exploit to do unpleasant things to their network, but I think it's just wishful thinking.

    If it carries on like this, I might stop paying for a travelcard, since it seems every couple of weeks everyone gets to travel for free anyway ;)

  • by erroneus (253617) on Friday July 25, @09:00AM (#24334167) Homepage

    ...I'm not sure I can trust the news being provided in this case, but one thing is certain -- something smells fishy about this.

    • Re: (Score:3, Funny)

      by Anonymous Coward

      Those Oyster crackers must be up to no good!

  • by benwiggy (1262536) on Friday July 25, @09:02AM (#24334213)
    Can't you see, man? The Underground *wants* to be free!
  • Wikileaks problems? (Score:5, Interesting)

    by wile_e_wonka (934864) on Friday July 25, @09:04AM (#24334255)

    details briefly leaked on website Wikileaks

    What? "briefly" leaked? Does this mean Wikileaks removed those details? I thought that was against Wikileaks policy.

  • by Aceticon (140883) on Friday July 25, @09:10AM (#24334345)

    ... bullshit.

    This morning when I was exiting from the destination tube station (the system crashed while I was traveling) there was both one guy shouting and announcements through the information system telling us not to "touch out your card" (meaning, don't have it read by the reader).

    If there is no risk of the cards being corrupted, why were they giving us those instructions?

    • Because last time this happened, people's cards did get corrupted. I think it's more likely that the staff in that station decided not to take any chances, and tell people not to put their cards near the readers just in case.

      Certainly at the station I was going through the only instructions given were to go straight through the barriers, but we weren't warned about not using the readers.

  • by Anonymous Coward on Friday July 25, @09:11AM (#24334367)

    Guide for IT Managers When Deciding Blame.

    1. Hackers did it! If hackers couldn't have done it...
    2. Disgruntled employees did it! If disgruntled employees couldn't have done it...
    3. It's the vendor's fault! If the vendor couldn't have done it...
    4. It's our fault.

    Now... Reverse the list and that's what really happened.

    • by Coraon (1080675) on Friday July 25, @09:46AM (#24335059)
      reminds me of my first day as an IT lead: The old lead as he is leaving hands me 3 envelopes and says that if I run into a problem that the bosses have to call me on open the first envelope, if it happens again the second and if it happens one more time open the 3rd. The first one told me to blame it on him, the second said to blame it on the team and lay a few people off. The third says "make 3 new envelopes..."
  • by internewt (640704) on Friday July 25, @09:16AM (#24334457) Journal
    This article on the BBC site:
    http://news.bbc.co.uk/1/hi/technology/7516869.stm [bbc.co.uk]
    Says in the last line

    The Dutch group is one of three known to have cracked the Mifare Classic technology.

    I haven't heard any other reports of other groups having confirmed to have cracked this system, so does anyone else know what the BBC are on about? But if they are right, then it's pretty safe to say that people have been running about with cloned oyster cards for a while.

    Unfortunately there don't seem to be any real details of how the copying is done, but I do wonder if the copying process is as simple as that if you can read a card you can clone it? If that's the case, if you need a new card (you will every 24 hours from what I've seen if you're using cloned cards), you just bump into someone on the way into a station with a reader about your person and clone theirs!

    With there being two major fuck ups of the oyster system in 2 weeks, I am thinking that someone is really trying to make changes to the oyster system that it can't cope with... and they would only try and really push the system if copying the cards is actually really easy, or they already have a problem with cloned cards that they're not talking about.

    • Re: (Score:3, Interesting)

      Unfortunately there don't seem to be any real details of how the copying is done, but I do wonder if the copying process is as simple as that if you can read a card you can clone it?

      From what I have read, you can gather enough information to clone a card in two different ways:
      * Eavesdropping the communication between the attacked card and the reader (completely passive)
      * "Bumping" into someone with a reader that will fake official readers and ask the card for an ID and a challenge. The challenge is easy to brute force because of a flaw in the randomness generator.

  • Wikileaks posted the wrong paper, realized it, and took it down. The paper they had was published quite openly on the arxiv.org archives:

    http://arxiv.org/abs/0803.2285 [arxiv.org]

    Read Wikileaks' own discussion of the event:

    http://wikileaks.org/wiki/Talk:Censored_Milfaire_Classic_Oyster_Card_break_paper_2008 [wikileaks.org]

  • by jwiegley (520444) on Friday July 25, @09:29AM (#24334685)

    between your card and our security.

    Maybe somebody can convince Emma Clarke [wikipedia.org] to provide us a nice cheeky voice-over for these sort of situations?

  • by sjonke (457707) on Friday July 25, @09:38AM (#24334885) Journal

    You could always try the Spanish fly card

  • by Shadow Wrought (586631) * on Friday July 25, @09:42AM (#24334979) Homepage Journal
    Some set the reader from "Oyster" to "Clam." No word yet on whether or not other vendors will attempt to mussel into the market.
  • It crashed because some schmuck needed a free ride on the subway and instead of using his psychic paper to get past the check point the idiot used his sonic screwdriver to bypass the system and crashed the servers. Don't blame the hackers, blame the police call box traveling schmuck who needed to be on the other side of London so he could save the world, again.

     

  • by ScrewMaster (602015) on Friday July 25, @10:24AM (#24335755)
    During the court action, details briefly leaked on website Wikileaks.

    Details don't just "briefly leak" on the Internet.
    • Re:Free Commute (Score:4, Insightful)

      by Jellybob (597204) on Friday July 25, @09:06AM (#24334283) Journal

      Sadly I'm on a travelcard, so I still got to pay for the privilege, but at least I didn't have to queue up behind any tourists trying to work out how to get their suitcase through the barriers for once.

    • Re:So... (Score:5, Informative)

      by xaxa (988988) on Friday July 25, @09:57AM (#24335265)

      If the system is a bit broken (i.e. some people's cards wouldn't work in the gates) they tend to open all the gates in all the stations to avoid congestion (most people, if their card/ticket doesn't work, try again, then again, then turn round to move away and are faced with 1000 people wanting to go the other way. It slows things down a lot.).

      • Re: (Score:3, Interesting)

        Yeah, that's the theory. In practice it seems that if a bus goes out with a working Oyster reader, it'll die by the end of the day ;)

        I've lost count of the number of times that I've been told to just get on, because the reader isn't working.