Oyster cracked in public, researcher claims

A researcher claims to have developed code that can undermine the cryptography on NXP's Mifare Classic chip, used in London's Oyster card

A researcher has claimed to have created exploit code to crack the cryptography on a chip used in travel smartcards, including in London's Oyster card.

The exploit code can supposedly be used to undermine the cryptography on smartcards which use NXP's Mifare Classic chip, such as the Oyster card and the Dutch OV-Chipkaart.

The researcher, known as 'Bla', is developing the open-source software on the Google Code platform. The exploit code, entitled 'Crapto-1', attempts to exploit NXP's proprietary Crypto1 algorithm. The exploit code builds on work by Dutch researchers from Radboud University in Nijmegen, who published a mathematical explanation of the algorithm and possible attack methods earlier this month.

"This project provides an implementation of the Crypto1 cipher, as well as an implementation of the attack specified by the folks in Nijmegen," wrote Bla on the Crapto1 landing page. "I'm not aware of any other public implementations at this time, I decided to write my own."

The researcher claimed that the code implements the cryptography needed to decrypt captured communications between Crypto1-based RFID tags and card readers. Bla claimed the code can "even recover the shared secret" used to verify the cryptographic process. The researcher also claimed that the code does not interfere with the hardware layer of the card readers.

A spokesperson from Radboud University said that the university was aware of the exploit code, but declined to comment further until Wednesday, when there would be "an update".

Dutch freelance security journalist Brenno de Winter, who broke the story for Webwereld in the Netherlands on Monday, told ZDNet UK that he had "verified the code".

"The code does work; I verified it by reading the source," said de Winter.

Attack code against Mifare Classic chips was published earlier this month by German researcher Henryk Plötz, in his doctoral thesis.

On Tuesday, Transport for London (TfL) said that TranSys, the contractor that runs the Oyster system, had carried out a full assessment of the system and set up additional safeguards. TfL said it is confident that the Oyster system remains secure.

"There is no evidence of the widespread cloning of Oyster cards," TfL said. "The system has not been hacked and there is no risk to cardholders' personal data, as none is stored on the card. Recent problems with the Oyster system are completely unrelated to this and have nothing to do with hacking".

TfL added that it expects to block any fraudulent card within 24 hours.

Show Comments