14 DAY TRIAL // A little while back two scientists from Radboud University in the Netherlands, Wouter Teepe and Bart Jacobs, decided to prove that the Oyster card is not as safe as you may think it is. They managed to surmount all the security features of the card which uses NXP Mifare technology, then took a cloned card and used it on the London tube. NXP Semiconductors is now suing the Radboud University in an effort to prevent the two scientists from publishing a detailed paper on how they beat the Oyster card. The court hearing will take place on the 10th of July, 2008.
The two Dutch researchers only took an interest in the Oyster card because it uses the same sort of technology as the Dutch OV-chipkaart, the local electronic payment system which they also managed to crack. By cloning the card the researchers could travel on the London tube without having to pay a dime; when they reset that card's credit level by using a laptop, they successfully imitated what would happen if you tried to access the public transportation service without paying.
A detailed paper is to be presented at Esorics, a computer security conference that will be held in September in Spain. A report on the subject has been already made public, but it is nowhere near as detailed as the Esorics paper is going to be. The researchers say that it is their duty as scientists to publish it, especially since it will have an impact on improving security technology.
The chip producing company NXP does not see it this way and has advised against the publication of the paper. Even Tineke Huizinga, the Netherlands Secretary of State, has asked Radboud University to keep the findings about the Oyster card private, but to no avail. The only solution NXS could come up with was to sue Radboud University and hopefully a court of law will prevent the publication of the paper, which is entitled "Dismantling MIFARE Classic".