Jim Stevenson – business marketing technology

The RFID System used by the London Tube Smartcard, the Oyster card, has been cracked.  The system Mifare Classic is used on the Dutch Transit system and possibly in Milan also.

To those who know, it looks like this is just down to a bad design, and potentially there are more serious security vulnerabilities waiting to be discovered.

Details of the hack are here.

The System uses its own cryptography and one of the recommendations to fix this is to use publicly scrutinised cryptography, which by implication is more robust and secure against attack.

There are a number of questions that arise from this:

•  How many of the organisations affected have Contingency Plans in place for this or similar occurrences;
• One of the signs of a good customer care organisation is how they deal with issues when they arise.  I wonder what Mifare’s response will be, and if they have any plans, which would mean all their customers can implement the same solution globally;
• How will Transit Organisations react, I fear by imposing more manual checks which will inconvenience there customers, causing delays;
• How quickly will hackers and organised crime get involved to start cashing in, and producing hacked cards for sale;
• In the UK Barclaycard have produced a credit card with an integral Oyster, this will no doubt have an effect on the consumer confidence of this card and Barclaycards developments to a truly contactless credit card, although Barclaycard have pointed out that the credit card system is built on different technology provided by Visa.