[funsec] Dutch University Can Publish Controversial Oyster Research

Paul Ferguson fergdawg at netzero.net
Fri Jul 18 11:37:29 CDT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via El Reg.

[snip]

Dutch researchers will be able to publish their controversial report on the
Mifare Classic (Oyster) RFID chip in October, a Dutch judge ruled today.

Researchers from Radboud University in Nijmegen revealed two weeks ago they
had cracked and cloned London's Oyster travelcard and the Dutch public
transportation travelcard, which is based on the same RFID chip. Attackers
can scan a card reading unit, collect the cryptographic key that protects
security and upload it to a laptop. Details are then transferred to a blank
card, which can be used for free travel.

Around one billion of these cards have been sold worldwide. The card is
also widely used to gain access to government departments, schools and
hospitals around Britain.

Chipmaker NXP - formerly Philips Semiconductors - had taken Radboud
University to court to prevent researchers publishing their controversial
report on the chip during a the European computer security conference in
Spain this autumn.

[snip]

More:
http://www.theregister.co.uk/2008/07/18/university_can_publish_oyster_resea
rch/

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFIgMbDq1pz9mNUZTMRAigmAJwJsnP8Yl8XtyLEoYTpnurKZ6+5XgCgv5wH
BNNB0Zg4dpqurM1pUmey1TE=
=GNP2
-----END PGP SIGNATURE-----




--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/




More information about the funsec mailing list