Barence sends along PcPro coverage of the second crash of London's Oyster card billing system in two weeks. Transport for London was forced to open the gates and allow free travel for all. "There is currently a technical problem with Oyster readers at London Underground stations which is affecting Oyster pay as you go cards only," explains the TfL website. This follows the first crash two weeks ago, which left 65,000 Oyster cards permanently corrupted. Speculation is increasing that the crashes may be related to the hacking of the Oyster card system by Dutch researchers from Radboud University, though TfL denies any link. Plans to publish details of the hack were briefly halted when the makers of the chip used in the system sued the group, although a judge ruled earlier this week that the researchers could go ahead. During the court action, details briefly leaked on website Wikileaks.
I was refunded when I had an incomplete journey due to the problem a couple of weeks ago, I got an email even saying I would be refunded next time I touched in at my 'home' station (auto topup only tops up at your home station you designate, maybe any station would refund you if it were not enabled on your card).
They do this when there are faults during rush hour to keep people flowing. Otherwise someone inevitably stands at the gate waiting for the green light after they touch their card to the dead Oyster reader and within seconds there is a massive queue behind them.
by Anonymous Coward
on Friday July 25 2008, @09:11AM (#24334367)
Guide for IT Managers When Deciding Blame.
1. Hackers did it! If hackers couldn't have done it...
2. Disgruntled employees did it! If disgruntled employees couldn't have done it...
3. It's the vendor's fault! If the vendor couldn't have done it...
4. It's our fault.
Now... Reverse the list and that's what really happened.
reminds me of my first day as an IT lead:
The old lead as he is leaving hands me 3 envelopes and says that if I run into a problem that the bosses have to call me on open the first envelope, if it happens again the second and if it happens one more time open the 3rd.
The first one told me to blame it on him, the second said to blame it on the team and lay a few people off. The third says "make 3 new envelopes..."
1. There's nothing wrong! If something is wrong...
2. Hackers did it! If hackers couldn't have done it...
3. Disgruntled employees did it! If disgruntled employees couldn't have done it...
4. It's the vendor's fault! If the vendor couldn't have done it...
5. There's nothing wrong.
As I understand it, the buses (and presumably trams) only exchange data with the big brother network at the depot.... so if a bus goes out with a working Oyster reader thing, then (in theory) it'd work all day even if the rest of the oyster network fucks up whilst the bus is out.
The Oyster card system requires you touch your card at the start and end of your journey, or it defaults to charging the maximum fare (which is a lot - now about £4.00 I think).
But there are cases outside the norm where this penalty is charged unjustly - like on the way to a special event when the tube's packed, or when you forget something and have to leave the station without travelling.
The fare/penalty is charged automatically and you might not even notice, but of course to get it refund
Right on. One of my pet hates. My other one is the person who has arrived at the barrier in front of me only to then realise that in order to go thru they will require an Oyster card. And then proceed for 2 minutes fumbling thru a purse, bag or jacket looking for one. Not thinking for an instant that perhaps they should move aside to do this, but rather just stand blocking the way for everyone else.
It's not been hacked (Score:5, Informative)
According to The Guardian (http://www.guardian.co.uk/uk/2008/jul/25/london.transport) it's because Transys, who the Oyster system is contracted out to, are sending incorrect data.
I'll admit, when I got to the underground station this morning to hear about an "Oyster card problem" which meant that all the gates were open, my first thought was that someone had used the exploit to do unpleasant things to their network, but I think it's just wishful thinking.
If it carries on like this, I might stop paying for a travelcard, since it seems every couple of weeks everyone gets to travel for free anyway ;)
Re: (Score:2, Interesting)
dammit i forget my card one day, buy a day ticket and i could have gone for free all along!
i really don't get why people think the uk system is very vulnerable when the systems in europe (well paris, madrid, rome, barcelona anyway) are all based on magnetic strips which are much cheaper/easier to reencode than the oyster cards.
Re:It's not been hacked (Score:4, Interesting)
Re:It's not been hacked (Score:4, Insightful)
Probably something to try and get around this hack that's appeared for MiFARE.
Do I believe all this happening now with Oyster is just a co-incidence given part of the hack was made public recently? Err, no, I bloody don't.
Re: (Score:2)
Re:It's not been hacked (Score:4, Insightful)
I did read the headline. Just because someone is capable of exploiting the system doesn't mean that's what happened.
Somehow I trust The Guardian slightly more than "Barence".
I don't know about this... (Score:5, Funny)
...I'm not sure I can trust the news being provided in this case, but one thing is certain -- something smells fishy about this.
Re: (Score:3, Funny)
Those Oyster crackers must be up to no good!
Re: (Score:2)
Thanks for that post. It's always nice to find a pearl of wisdom here on /.
What really happening is.... (Score:5, Funny)
Wikileaks problems? (Score:5, Interesting)
details briefly leaked on website Wikileaks
What? "briefly" leaked? Does this mean Wikileaks removed those details? I thought that was against Wikileaks policy.
Re:Wikileaks problems? (Score:5, Informative)
https://secure.wikileaks.org/wiki/Censored_Milfaire_Classic_Oyster_Card_break_paper_2008 [wikileaks.org]
No cards will be corrupted this time .... (Score:5, Interesting)
... bullshit.
This morning when I was exiting from the destination tube station (the system crashed while I was traveling) there was both one guy shouting and announcements through the information system telling us not to "touch out your card" (meaning, don't have it read by the reader).
If there is no risk of the cards being corrupted, why were they giving us those instructions?
Re: (Score:2, Informative)
Because there's an obviously increased chance of corruption if something is fucked up with the system, and there's no reason to swipe a card if you're riding for free, even if, logically, swiping your card should have no effect.
Any sysadmin knows that any action can have unforeseen repercussions when the system's in perfect shape. No reason to tempt fate.
Re: (Score:2, Interesting)
Not touching out means you pay the maximum possible fare for your journey rather than the actual fare.
It's one way to recoup the cost of having to open the gates I suppose.
Re: (Score:2)
The last information I saw was that if you got hit with the maximum fare while the gates were open, they'll refund automatically.
Of course whether that happens or not is a different question.
Re: (Score:3, Informative)
Re:No cards will be corrupted this time .... (Score:4, Informative)
Because last time this happened, people's cards did get corrupted. I think it's more likely that the staff in that station decided not to take any chances, and tell people not to put their cards near the readers just in case.
Certainly at the station I was going through the only instructions given were to go straight through the barriers, but we weren't warned about not using the readers.
Re: (Score:2)
If it isn't working... (Score:5, Funny)
Guide for IT Managers When Deciding Blame.
1. Hackers did it! If hackers couldn't have done it...
2. Disgruntled employees did it! If disgruntled employees couldn't have done it...
3. It's the vendor's fault! If the vendor couldn't have done it...
4. It's our fault.
Now... Reverse the list and that's what really happened.
Re:If it isn't working... (Score:5, Funny)
Re: (Score:2)
2. Hackers did it! If hackers couldn't have done it...
3. Disgruntled employees did it! If disgruntled employees couldn't have done it...
4. It's the vendor's fault! If the vendor couldn't have done it...
5. There's nothing wrong.
Fixed.
Re: (Score:2)
4. is wrong. It should read
4. The reasons still examined, we will report findings when we have them.
(wait 4 weeks and nobody will bother to ask anymore, because someone from the Royal family made some blooper again)
Re: (Score:2)
It's the wrong kind of snow/sun/rain/wind
After that comes excuses like insufficient funding, "aggressive timescale", "thousand year" flood/drought/temperatures,
But never, ever could it be our fault.
3 groups have cracked MIFARE, say BBC (Score:4, Interesting)
http://news.bbc.co.uk/1/hi/technology/7516869.stm [bbc.co.uk]
Says in the last line
The Dutch group is one of three known to have cracked the Mifare Classic technology.
I haven't heard any other reports of other groups having confirmed to have cracked this system, so does anyone else know what the BBC are on about? But if they are right, then it's pretty safe to say that people have been running about with cloned oyster cards for a while.
Unfortunately there don't seem to be any real details of how the copying is done, but I do wonder if the copying process is as simple as that if you can read a card you can clone it? If that's the case, if you need a new card (you will every 24 hours from what I've seen if you're using cloned cards), you just bump into someone on the way into a station with a reader about your person and clone theirs!
With there being two major fuck ups of the oyster system in 2 weeks, I am thinking that someone is really trying to make changes to the oyster system that it can't cope with...... and they would only try and really push the system if copying the cards is actually really easy, or they already have a problem with cloned cards that they're not talking about.
Watch this and make your own mind up (Score:2)
http://www.hackaday.com/2008/01/01/24c3-mifare-crypto1-rfid-completely-broken/ [hackaday.com]
Re: (Score:3, Interesting)
Unfortunately there don't seem to be any real details of how the copying is done, but I do wonder if the copying process is as simple as that if you can read a card you can clone it?
From what I have read, you can gather enough information to clone a card through two different ways:
* Eavesdropping the communication between the attacked card and the reader (completely passive)
* "Bumping" into someone with a reader that will fake official readers and ask the card for an ID and a challenge. The challenge is easy to brute force because of a flaw in the randomness generator.
Re: (Score:2)
What happens to cards that were corrupted? Oyster is a stored value card, in other words you put money "on" it... so if it gets corrupted, you lose your money?
Re: (Score:2)
What happens to cards that were corrupted? Oyster is a stored value card, in other words you put money "on" it... so if it gets corrupted, you lose your money?
My card wasn't corrupted, but AFAIK they were replacing cards and transferring any stored value to the new card.
The cards have an ID number, if you go to the Oyster website you can see the balance of your card (and put more credit on it).
false reports wikileaks forced to remove paper (Score:3, Informative)
Wikileaks posted the wrong paper, realized it, and took it down. The paper they had was published quite openly on the arxiv.org archives:
http://arxiv.org/abs/0803.2285 [arxiv.org]
Read Wikileaks' own discussion of the event:
http://wikileaks.org/wiki/Talk:Censored_Milfaire_Classic_Oyster_Card_break_paper_2008 [wikileaks.org]
Please mind the gap... (Score:4, Funny)
between your card and our security.
Maybe somebody can convince Emma Clarke [wikipedia.org] to provide us a nice cheeky voice-over for these sort of situations?
Just underground barriers (Score:2, Informative)
Re: (Score:2)
Re: (Score:3, Interesting)
Yeah, that's the theory. In practice it seems that if a bus goes out with a working Oyster reader, it'll die by the end of the day ;)
I've lost count of the number of times that I've been told to just get on, because the reader isn't working.
Oyster cards not working for you? (Score:3, Funny)
You could always try the Spanish fly card
Operater Error (Score:5, Funny)
Re:Operater Error (Score:5, Funny)
Re: (Score:2)
Eventually some bright spark will winkle out the truth, though hacking travel cards does seem kind of shellfish.
I'll be using mine later today to go and watch some barnacle boxing - hope I'm not all abalone :P
The problems even the balance between us and them. (Score:2, Interesting)
But there are cases outside the norm where this penalty is charged unjustly - like on the way to a special event when the tube's packed, or when you forget something and have to leave the station without travelling. The fare/penalty is charged automatically and you might not even notice, but of course to get it refund
Sonic Problem in the Oyster System. (Score:3, Funny)
It crashed because some schmuck needed a free ride on the subway and instead of using his psychic paper to get past the check point the idiot used his sonic screwdriver to bypass the system and crashed the servers. Don't blame the hackers, blame the police call box traveling schmuck who needed to be on the other side of London so he could save the world, again.
Re: (Score:2)
That was
Bit of an understatement ... (Score:4, Insightful)
Details don't just "briefly leak" on the Internet.
Establish Some Baseline Facts! (Score:2, Interesting)
Card hacks like this are a total waste of everyone's time including the researchers!
I don't know the specifics of the Oyster system, but I promise you the card is very, very dumb. So dumb the possibility of 65,000 cards being corrupted in one time is not the card's fault.
How can I possibly know that? Well, if the submitter knew anything about value transfer cards, he would know that cards that store value require microseconds to transfer the value. Those microseconds translate into the rider having to -st
Re: (Score:3, Interesting)
Card hacks like this are a total waste of everyone's time including the researchers!
I don't know the specifics of the Oyster system, but I promise you the card is very, very dumb. So dumb the possibility of 65,000 cards being corrupted in one time is not the card's fault.
How can I possibly know that? Well, if the submitter knew anything about value transfer cards, he would know that cards that store value require microseconds to transfer the value. Those microseconds translate into the rider having to -stop and wait- in order to transfer value. Which all mass transit riders know would be an absolute mess. So, the card carries, at most, a disguised unique ID with all the value transfer happening on some backend.
Not true, at least for the Oyster card. It stores a value as well as an ID. There are several thousand buses in London, each with an Oyster reader, and no reliable, fast way to access a central database (of several million cards) from the buses.
When you add credit to a card, you touch the card to the ticket machine, insert coins, press the "I'm done" button, and then touch the card again -- further demonstrating that the card has more than an ID, it needs to be updated to know how much money has been added
Hong Kong's Octopus card (Score:2, Interesting)
Re:Free Commute (Score:4, Insightful)
Sadly I'm on a travelcard, so I still got to pay for the privilege, but at least I didn't have to queue up behind any tourists trying to work out how to get their suitcase through the barriers for once.
Re: (Score:3, Informative)
Re: (Score:2)
Re:So... (Score:5, Informative)
If the system is a bit broken (i.e. some people's cards wouldn't work in the gates) they tend to open all the gates in all the stations to avoid congestion (most people, if their card/ticket doesn't work, try again, then again, then turn round to move away and are faced with 1000 people wanting to go the other way. It slows things down a lot.).
Re: (Score:3, Funny)
Never tried having oyster 'cards' before....