Slashdot Mirror
Hacked Oyster Card System Crashes Again
Barence sends along PcPro coverage of the second crash of London's Oyster card billing system in two weeks. Transport for London was forced to open the gates and allow free travel for all. "There is currently a technical problem with Oyster readers at London Underground stations which is affecting Oyster pay as you go cards only," explains the TfL website. This follows the first crash two weeks ago, which left 65,000 Oyster cards permanently corrupted. Speculation is increasing that the crashes may be related to the hacking of the Oyster card system by Dutch researchers from Radboud University, though TfL denies any link. Plans to publish details of the hack were briefly halted when the makers of the chip used in the system sued the group, although a judge ruled earlier this week that the researchers could go ahead. During the court action, details briefly leaked on website Wikileaks.
According to The Guardian (http://www.guardian.co.uk/uk/2008/jul/25/london.transport) it's because Transys, who the Oyster system is contracted out to, are sending incorrect data.
I'll admit, when I got to the underground station this morning to hear about an "Oyster card problem" which meant that all the gates were open, my first thought was that someone had used the exploit to do unpleasant things to their network, but I think it's just wishful thinking.
If it carries on like this, I might stop paying for a travelcard, since it seems every couple of weeks everyone gets to travel for free anyway ;)
Because there's an obviously increased chance of corruption if something is fucked up with the system, and there's no reason to swipe a card if you're riding for free, even if, logically, swiping your card should have no effect.
Any sysadmin knows that any action can have unforeseen repercussions when the system's in perfect shape. No reason to tempt fate.
The doc that appeared on Wikileaks was an older document about the cards, not the current doc that details the cloning, so thats why it was removed.
https://secure.wikileaks.org/wiki/Censored_Milfaire_Classic_Oyster_Card_break_paper_2008
Car analogies break down.
Wikileaks posted the wrong paper, realized it, and took it down. The paper they had was published quite openly on the arxiv.org archives:
http://arxiv.org/abs/0803.2285
Read wikileaks own discussion of the event:
http://wikileaks.org/wiki/Talk:Censored_Milfaire_Classic_Oyster_Card_break_paper_2008
Don't mess with The Phone Company. Piss them off and you'll be using two tin cans and a piece of string.
Because last time this happened, people's cards did get corrupted. I think it's more likely that the staff in that station decided not to take any chances, and tell people not to put their cards near the readers just in case.
Certainly at the station I was going through the only instructions given were to go straight through the barriers, but we weren't warned about not using the readers.
Unlike the crash two weeks ago that affected all Oyster readers and even corrupted the cards of people making top up payments, this seems to just have affected London Underground barriers this morning for pay as you go customers. "Oyster card readers on London Buses and on the Tram network have been unaffected."
If the system is a bit broken (i.e. some people's cards wouldn't work in the gates) they tend to open all the gates in all the stations to avoid congestion (most people, if their card/ticket doesn't work, try again, then again, then turn round to move away and are faced with 1000 people wanting to go the other way. It slows things down a lot.).
Right on. One of my pet hates. My other one is the person who has arrived at the barrier in front of me only to then realise that in order to go thru they will require an Oyster card. ANd then proceed for 2 minutes fumbling thru a purse, bag or jacket looking for one. Not thinking for an instant that perhaps they should move aside to do this, but rather just stand blocking the way for everyone else.
I was refunded when I has an incomplete journey due to the problem a couple of weeks ago, I got an email even saying I would be refunded next time I touched in at my 'home' station (auto topup only tops up at your home station you designate, maybe any station would refund you if it were not enabled on your card)
Come as you are, do what you must, be who you will.
I commend your request for facts and very civil tone in questioning my proposals.
Asynchronous" is an online payment. Consider the tranactions "buffered" such that by the time you reach the next access control point, the last transaction has cleared.
I'd easily call it a 10th of a second 'pause' as you swipe - be generous, call it a 20th - that's still 50 microseconds, isnt that enough to transfer a single currency value?
No. The chip inside the card is *very* low-power low-bandwidth chip with no encryption capabilities on its own.
To do a true offline payment, one has to do quite a bit of encryption/decryption functions on-card. Contactless is neither powerful enough or cheap enough to make it viable.
Another tip of the hat to you for sticking to the issue and challenging my side of the story. I wish more people would behave as you do.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html