60,000 Oyster Cards Corrupted - Smart Card News
60,000 Oyster Cards Corrupted - Smart Card News
60,000 Oyster Cards Corrupted - Smart Card News
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
So what on earth is going on here? Two major outages within two weeks both due to the<br />
transmission of ‘incorrect data tables’ to all the <strong>Oyster</strong> <strong>Card</strong> Terminals, is such an<br />
accident possible or is there something more going on behind the scenes?<br />
We have been reporting in SCN this year of the breaches in the security of the Mifare<br />
chip which is the platform used by the <strong>Oyster</strong> card. In January we reported on the<br />
discoveries of Karsten Nohl (University of Virginia) and Henryk Plötz who effectively<br />
publically revealed much of the cryptographic architecture at the core of the Mifare chip.<br />
In March we revealed the work of the digital security group at Radboud University in the<br />
Netherlands who carried on with where Noel and Plotz left off. There can be no doubt<br />
that both teams had cracked the Mifare Crypto-1 algorithms and last month we reported<br />
on the Radboud team travelling the London Underground for free.<br />
It gets worse because NXP (nee Philips Semiconductors) who own (Mifare is proprietary<br />
technology) and manufacture the Mifare chips have now lost a ruling in the Netherlands<br />
to block the Radboud University team from publishing their results. Mifare is now used<br />
in up to a billion smart cards in mass transit and physical access control applications.<br />
Nobody doubts that it will take years and significant costs to fix the problem which<br />
means changing the cards, the smart card readers and some of the software middleware<br />
that handles the application on the card. Involved in all of this is the cryptographic key<br />
management, let nobody fool you, this needs to be changed as well.<br />
If you were Transys the first thing you would try to do is to enhance the application<br />
security around the use of the smart card. You can’t do anything about the cryptography<br />
because that is deeply buried in the chips and can’t be changed (without changing the<br />
chip). So the next best thing is to try and detect counterfeit cards or even authentic cards<br />
where the data on the card has been manipulated. Can you imagine somebody selling a<br />
kit for <strong>Oyster</strong> card users to reset the value on their cards, this is effectively what the<br />
Radboud University team demonstrated in London.<br />
So more about those ‘incorrect data tables’ what could that mean? Now as far as I know<br />
the cost of the journeys on the London Underground have not changed for some time and<br />
certainly not in the month of July so it’s not obvious that there would be any changes<br />
here. But how about hot card lists? At the end of the day software on the Transys servers<br />
could examine what the cards are up to, and notice everything seems to be linked to pay<br />
as you go, which has a weaker registration system? If cards were being manipulated then<br />
it should be possible to detect this back at base which should have a record of value loads<br />
and spends. Each Mifare card has a unique (well its supposed to be although there have<br />
been reports of duplicates) ID number which would be more difficult for the home user to<br />
change although given the attacks reported previously any thing else relating to the<br />
<strong>Oyster</strong> card application could be changed. With all this information Transys could send<br />
out hot card lists to disable these suspect cards, this is what appeared to happen on the<br />
first system failure. As an alternative you could just refuse access to the suspect cards on<br />
the hot list and that perhaps is what happened on the latest system failure.
Change language