Oyster cracked in public, researcher claims

Summary:A researcher claims to have developed code that can undermine the cryptography on NXP's Mifare Classic chip, used in London's Oyster card

A researcher has claimed to have created exploit code to crack the cryptography on a chip used in travel smartcards, including in London's Oyster card.

The exploit code can supposedly be used to undermine the cryptography on smartcards which use NXP's Mifare Classic chip, such as the Oyster card and the Dutch OV-Chipkaart.

The researcher, known as 'Bla', is developing the open-source software on the Google Code platform. The exploit code, entitled 'Crapto-1', attempts to exploit NXP's proprietary Crypto1 algorithm. The exploit code builds on work by Dutch researchers from Radboud University in Nijmegen, who published a mathematical explanation of the algorithm and possible attack methods earlier this month.

"This project provides an implementation of the Crypto1 cipher, as well as an implementation of the attack specified by the folks in Nijmegen," wrote Bla on the Crapto1 landing page. "I'm not aware of any other public implementations at this time, I decided to write my own."

The researcher claimed that the code implements the cryptography needed to decrypt captured communications between Crypto1-based RFID tags and card readers. Bla claimed the code can "even recover the shared secret" used to verify the cryptographic process. The researcher also claimed that the code does not interfere with the hardware layer of the card readers.

A spokesperson from Radboud University said that the university was aware of the exploit code, but declined to comment further until Wednesday, when there would be "an update".

Dutch freelance security journalist Brenno de Winter, who broke the story for Webwereld in the Netherlands on Monday, told ZDNet UK that he had "verified the code".

"The code does work; I verified it by reading the source," said de Winter.

Attack code against Mifare Classic chips was published earlier this month by German researcher Henryk Plötz, in his doctoral thesis.

On Tuesday, Transport for London (TfL) said that TranSys, the contractor that runs the Oyster system, had carried out a full assessment of the system and set up additional safeguards. TfL said it is confident that the Oyster system remains secure.

"There is no evidence of the widespread cloning of Oyster cards," TfL said. "The system has not been hacked and there is no risk to cardholders' personal data, as none is stored on the card. Recent problems with the Oyster system are completely unrelated to this and have nothing to do with hacking".

TfL added that it expects to block any fraudulent card within 24 hours.

Topics: Security

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.