http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/ Engadget Comments for Oyster Cards vulnerable to RFID hack, lots of other systems too http://www.engadget.com/media/feedlogo.gif http://www.engadget.com en-us Copyright 2008 Weblogs, Inc. The contents of this feed are available for non-commercial use only. Blogsmith http://www.blogsmith.com/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.barclaycard.co.uk/personal-home/cards/onepulse-hero/index.html]]>Mar 14th 2008 1:55PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Of course it probably wont.]]>Mar 14th 2008 1:58PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/
But on a serious note, buildings here in the financial district all use RFID cards for secure access, including buildings such as the Federal Reserve Bank so I'm hoping no one really begins to exploit these cards. ]]>Mar 14th 2008 2:00PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 14th 2008 2:10PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/
I know that its probably half and half. Older companies seem to be using RFID, but seems as if some companies do use the strip. The company I work for though uses RFID because when its together in my wallet with my Mass Transit card they conflict with one another on occasion. ]]>Mar 14th 2008 2:46PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 14th 2008 2:01PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/
I don't use marta much, and I'm sure the temporary cards are worthless, but if you find someone that has the plastic cards, then you can probably cheat and use their account so long as they aren't on the rail. I say this because my friend had to buy two cards when he and his wife were going to travel, he thought he could get away with just swiping the card twice!]]>Mar 14th 2008 5:41PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 14th 2008 2:01PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 14th 2008 2:02PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 14th 2008 2:02PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/
RFID is a cool concept but its specifications and implementations leave a lot to be desired.]]>Mar 14th 2008 2:09PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/
True, most of these suck, but they can be very secure. The problem is any kind of major encryption technology requires some pretty beefy computation capability for a device with no internal power source and severely limited real estate. Asymmetric ciphers, for example, require both parties to store and work with three very large numbers (their public key, their private key, and the other party's public key), and the initial handshake (in which session keys are exchanged over the asymmetric cipher so faster, symmetric ciphers can take over) requires a mathematically complex operation (dividing, exponentiating, and calculating the modulus of these extremely large numbers).]]>Mar 14th 2008 4:13PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/
I've built a 14443 stack, it's easy to hack but it's security lies in it's limited range. It's almost as easy to just steal the card as it is to sniff it.]]>Mar 14th 2008 2:09PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/
With a better transmitter, receiver, and antenna - and a longer time to collect samples then the "swipe" time envisioned by the system designers, I believe the hackers have an advantage.]]>Mar 14th 2008 3:07PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 14th 2008 3:57PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 14th 2008 6:09PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 14th 2008 2:14PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 14th 2008 2:18PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 14th 2008 4:07PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 14th 2008 2:23PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 14th 2008 2:28PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/
Thats correct. I nabbed mine Fall, 2006. ]]>Mar 14th 2008 2:29PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 14th 2008 2:25PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 14th 2008 4:14PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/
Though one standard does hold true.."Three men can keep a secret if two of them are dead." Hopefully such drastic actions will never be taken to keep encryption techonology as secure.]]>Mar 14th 2008 2:41PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 14th 2008 2:52PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 14th 2008 3:55PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 15th 2008 4:00AMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/
You can however easily block someone from doing this by keeping your card in a Secure Sleeve(tm). It is a shielded card sleeve. You can buy them for a couple bucks a piece at www.idstronghold.com]]>Mar 19th 2008 2:14PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 14th 2008 2:56PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 14th 2008 3:02PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/
It's also possible to convert a public key into a private key, but it requires significantly more time than the expected life of the Sun at 4096 bits.

Why don't these things just use RSA? You could flash a 1K ROM with a 4096-bit keypair at construction time and require a handshake with the authenticating device. It's not rocket science. (But it is computer science! Luckily, that I know!)]]>Mar 14th 2008 3:44PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 14th 2008 3:11PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 14th 2008 3:45PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 14th 2008 4:00PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 14th 2008 3:47PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 14th 2008 3:48PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 14th 2008 4:24PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 14th 2008 4:25PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 14th 2008 4:49PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 14th 2008 4:26PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Personally, I hate RFID in relation to personal info and money transfers. There are things that should NEVER be wireless. Passports, Credit Cards, medical history, social security numbers. If it's related to me, I don't want it wireless. Leave RFID to inventory control.]]>Mar 14th 2008 4:55PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/
...hopefully RFID being hacked will jog some certain individuals "common sense" enough that they may reconsider placing that technology into the items I mentioned above.]]>Mar 14th 2008 4:57PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 14th 2008 5:27PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 14th 2008 5:42PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/
To be even more frank we have far more serious things to worry about dealing with terror attacks, if anyone is callous enough to waste the time of the TFL staff and the security forces trying to make a quick buck with this scam they are pond life.]]>Mar 14th 2008 5:39PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 17th 2008 3:21AMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 20th 2008 7:08AMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 14th 2008 11:55PMhttp://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/Mar 15th 2008 12:27AM