Oyster Card Hack To Be Released, In Good Time

DangerFace writes "A little while ago some Dutch researchers cracked the Oyster card, meaning they could get free public transport around London. The company that makes the cards, NXP, sought and got an injunction to stop the exploit being published, but that has now been overruled by a Dutch judge. The lovely Dutch blokes are holding off from releasing the hack for the time being, to give NXP time to secure their systems."

Not just Oyster

[jnik]

According to Wikipedia, the same tech is used by Atlanta, DC Metro, the L, and the T.

Key line

[Dolohov]

While I have mixed feelings about the publishing of exploits, this line hits the nail on the head:

In its ruling, the court said: "Damage to NXP is not the result of the publication of the article but of the production and sale of a chip that appears to have shortcomings."

This is an important lesson to companies like Diebold.

Re:Key line

[Steauengeglase]

I could be wrong, but I don't think the Diebold fiasco was ever officially denounced and called a bad thing. It got certain people in office and kept others in. I think the powers that be would consider that a rousing success.

Are they serious?

So let me get this straight.

1. Researchers discover hole in Oystercard implementation.
2. Oystercard operator ignores warnings from researchers.
3. Oystercard operater takes researchers to court instead of working to fix identified vulnerabilities.
4. Injunction granted.
5. Injunction overturned.
5. Researchers continue to give Oystercard operator time to fix their system, in addition to the time they had prior to the court action.

Were I in their situation I would have publically released information on the hack the moment the injunction was overturned. If vendors of ANY type of system want to fuck with people who show every intention of trying to HELP them, they deserve everything they get.

Re:Their paper has leaked

[quarrel]

To quote from the paper you linked:

"
This paper is not the same as the paper that is subject to a lawsuit by NXP. It is available on the web since several months and will be published officially in the proceedings of the Cardis'08 conference in september. The paper of the lawsuit builds on it.
"

So while related, it is different for some value of different..

--Q

Re:let em release it

[Notquitecajun]

Wear and tear. Worse gas mileage. The attitude of freeloading, or better yet, stealing, and that it "doesn't matter." Also the matter that this is something that would get WIDESPREAD in a city like London. We wouldn't be talking the occasional computer nerd - hacked cards would make their way into PLENTY of hands, and every hoodie-with-ASBOS-and-ringtones would be getting "free" rides.

Why yes, they do

[Jeppe+Salvesen]

The sidewalks are great for walking on. At no cost!

Re:Why yes, they do

[Blue+Stone]

> The sidewalks are great for walking on. At no cost!

Until the ID card surveillance system comes in. Then we pay to walk. To breathe. To exist.

Re:Why yes, they do

[ObsessiveMathsFreak]

Sidewalks, or pavements as they are sometimes known, cost money. Billions of people walk to and fro across and over sidewalks every hour of every day. Every six seconds, 5.72 meters of sidewalk are worn down by human traffic and need to be replaced. People seem to think that sidewalks spring forth from the ground. They don't. They cost money.

And who is going to pay this money? Who is going to finance the millions of kilometers of much needed sidewalks? Who is doing it at the moment? Why _you_ are. You the humble taxpayer is being forced to hand over your hard earned wages to pay for concrete that will be worn down by other people's shoes! It's ludacrious! Does anyone pay you to tile your kitchen? Do you get free funding, materials and labor when you have to repave your drive. No. Why should sidewalks be any different!?

What we propose, is a better way, and a better future for you and your children. By forming strategic Public Private Partnerships, we can finance the creation and maintenance of sidewalks everywhere by privatizing them. Businesses can finance construction of sidewalks by modestly tolling the people who use them, passing the costs on to those actually wearing down the paths, and not onto you, the innocent taxpayer.

Through the Magic of the Free Market private enterprise will deliver better, cheaper and cleaner sidewalks to the general public with no government participation! Businesses will prosper, providing employment for millions and the savings earned in the government budget can be passed on to you through a cut in the top rate of tax. It's a win/win situation for everyone involved!

Vote yes on Proposition 22. You owe it to your Family.

Anyone here involved in Oyster?

[BovineSpirit]

Does anyone know if the accidental wiping of 1000's of Oyster Cards a couple of weeks ago was linked to this? Just curious...

Re:let em release it

[PJ+The+Womble]

The cost of using public transport in London borders on the ridiculous. It's around US$2 to go 200 yards on a bus with an Oyster card. If you haven't got a card, it's over US$4.

They've cut all the bus routes into a quarter of the length they used to be - meaning that you have to take 4 times as many buses to complete your journey, at 4 times the price and a much longer journey time.

London's bus companies have been privatised. Does this mean that any efficiency savings are passed on to the passenger? I won't bother to answer that one... just have a surf around and see how much subsidy they're getting.

You'd think, then, that local taxes in London would be real cheap. Oh dear me no, that would be a wrong assumption. One pays local tax (Council Tax) to the borough in which one lives, and then a further tax to the Mayor of London's Office. The *average* charge across outer London for this year is nearly US$3000 per annum.

In London, there is no such thing as a free ride.

let me see if I've got this right...

[clone53421]

a haxor with skillz über-1337
wanted to ride london's fleet
but rather than paying
he found himself saying
"h4ck1n9 0y573r w0u1d b3 50 v3ry n347!"

Re:I'm not surprised

[Joker1980]

That reminds me of an old 'mock the week' on bbc when Andy Parsons done his train to Glasgow gag.

"It costs £98.18 to get the train from London to Glasgow, who the hell is going to do that when you can fly to Barcelona for £40, then fly whoever u wanted to visit in Glasgow to Barcelona for £40 and then spend the first £18.19 on sangria".

Re:let em release it

[totallyarb]

If the bus isn't full and you otherwise wouldn't have paid, then what's the problem?

Sometimes it's hard to tell if people are posting ironically, but I'm going to go ahead an answer as though you were serious.

The philosophical reason you don't take free rides on buses is that paying your bus fare is a Kantian categorical imperative. The ability to take a free ride on a bus presupposes the existence of a bus service, but were everybody to ride for free, the bus service would cease to run, negating the possibility of a free ride.

Actually, the real reason is a lot simpler: You're getting something of value, so you have an obligation to give something of value in return. Only parasites and slavers fail to abide by this principle. Which would you like to be?

Re:Only London air visible?

[Langfat]

I have been to London and LA...

...as well as Beijing and Cairo. Gimme a call when you've left the Western world and we'll really talk about air pollution ;)