Hacked Oyster Card System Crashes Again 95
Barence sends along PcPro coverage of the second crash of London's Oyster card billing system in two weeks. Transport for London was forced to open the gates and allow free travel for all. "There is currently a technical problem with Oyster readers at London Underground stations which is affecting Oyster pay as you go cards only," explains the TfL website. This follows the first crash two weeks ago, which left 65,000 Oyster cards permanently corrupted. Speculation is increasing that the crashes may be related to the hacking of the Oyster card system by Dutch researchers from Radboud University, though TfL denies any link. Plans to publish details of the hack were briefly halted when the makers of the chip used in the system sued the group, although a judge ruled earlier this week that the researchers could go ahead. During the court action, details briefly leaked on website Wikileaks.
It's not been hacked (Score:5, Informative)
According to The Guardian (http://www.guardian.co.uk/uk/2008/jul/25/london.transport) it's because Transys, who the Oyster system is contracted out to, are sending incorrect data.
I'll admit, when I got to the underground station this morning to hear about an "Oyster card problem" which meant that all the gates were open, my first thought was that someone had used the exploit to do unpleasant things to their network, but I think it's just wishful thinking.
If it carries on like this, I might stop paying for a travelcard, since it seems every couple of weeks everyone gets to travel for free anyway ;)
Re:No cards will be corrupted this time .... (Score:2, Informative)
Because there's an obviously increased chance of corruption if something is fucked up with the system, and there's no reason to swipe a card if you're riding for free, even if, logically, swiping your card should have no effect.
Any sysadmin knows that any action can have unforeseen repercussions when the system's in perfect shape. No reason to tempt fate.
Re:Wikileaks problems? (Score:5, Informative)
https://secure.wikileaks.org/wiki/Censored_Milfaire_Classic_Oyster_Card_break_paper_2008 [wikileaks.org]
false reports wikileaks forced to remove paper (Score:3, Informative)
Wikileaks posted the wrong paper, realized it, and took it down. The paper they had was published quite openly on the arxiv.org archives:
http://arxiv.org/abs/0803.2285 [arxiv.org]
Read wikileaks own discussion of the event:
http://wikileaks.org/wiki/Talk:Censored_Milfaire_Classic_Oyster_Card_break_paper_2008 [wikileaks.org]
Re:No cards will be corrupted this time .... (Score:4, Informative)
Because last time this happened, people's cards did get corrupted. I think it's more likely that the staff in that station decided not to take any chances, and tell people not to put their cards near the readers just in case.
Certainly at the station I was going through the only instructions given were to go straight through the barriers, but we weren't warned about not using the readers.
Just underground barriers (Score:2, Informative)
Re:So... (Score:5, Informative)
If the system is a bit broken (i.e. some people's cards wouldn't work in the gates) they tend to open all the gates in all the stations to avoid congestion (most people, if their card/ticket doesn't work, try again, then again, then turn round to move away and are faced with 1000 people wanting to go the other way. It slows things down a lot.).
Re:Free Commute (Score:3, Informative)
Re:No cards will be corrupted this time .... (Score:3, Informative)
good question! (Score:2, Informative)
I commend your request for facts and very civil tone in questioning my proposals.
Asynchronous" is an online payment. Consider the tranactions "buffered" such that by the time you reach the next access control point, the last transaction has cleared.
I'd easily call it a 10th of a second 'pause' as you swipe - be generous, call it a 20th - that's still 50 microseconds, isnt that enough to transfer a single currency value?
No. The chip inside the card is *very* low-power low-bandwidth chip with no encryption capabilities on its own.
To do a true offline payment, one has to do quite a bit of encryption/decryption functions on-card. Contactless is neither powerful enough or cheap enough to make it viable.
Another tip of the hat to you for sticking to the issue and challenging my side of the story. I wish more people would behave as you do.