Now they've really gone and done it. At the start of the year, some Dutch researchers managed to crack the Netherlands' travelcard, the OV-chipkaart. Now, this card uses the same technology - NXP's Mifare - as Transport for London's Oyster card. When security experts said the Dutch crack meant the Oyster system should be upgraded or replaced, TfL told us there were enough additional layers of security to make the Dutch case irrelevant to London.
No longer. Wouter Teepe and Bart Jacobs, from Radboud University, today told the Dutch parliament that they'd cracked and cloned London's Oyster card. They were able to not only take free rides on the Underground, but even execute a denial-of-service attack on the gates. Check out a Google translation here of an article, by Webwereld's Brenno de Winter, on the subject.
We're awaiting comment from TfL, and are also in touch with one of the researchers. So, expect more on this tomorrow... I get a feeling this story will roll on and on.
UPDATE (Thursday): Click here for TfL's response...