Hacked Oyster Card System Crashes Again

kdawson posted more than 6 years ago | from the no-pearls-in-sight dept.

Hardware Hacking 95

Barence sends along PcPro coverage of the second crash of London's Oyster card billing system in two weeks. Transport for London was forced to open the gates and allow free travel for all. "There is currently a technical problem with Oyster readers at London Underground stations which is affecting Oyster pay as you go cards only," explains the TfL website. This follows the first crash two weeks ago, which left 65,000 Oyster cards permanently corrupted. Speculation is increasing that the crashes may be related to the hacking of the Oyster card system by Dutch researchers from Radboud University, though TfL denies any link. Plans to publish details of the hack were briefly halted when the makers of the chip used in the system sued the group, although a judge ruled earlier this week that the researchers could go ahead. During the court action, details briefly leaked on website Wikileaks.


It's not been hacked (4, Informative)

Jellybob (597204) | more than 6 years ago | (#24334141)

According to The Guardian (http://www.guardian.co.uk/uk/2008/jul/25/london.transport) it's because Transys, who the Oyster system is contracted out to, are sending incorrect data.

I'll admit, when I got to the underground station this morning to hear about an "Oyster card problem" which meant that all the gates were open, my first thought was that someone had used the exploit to do unpleasant things to their network, but I think it's just wishful thinking.

If it carries on like this, I might stop paying for a travelcard, since it seems every couple of weeks everyone gets to travel for free anyway ;)

Re:It's not been hacked (-1, Redundant)

Anonymous Coward | more than 6 years ago | (#24334183)

Read the headline again.

"Hacked Oyster Card System Crashes Again"

Re:It's not been hacked (3, Insightful)

Jellybob (597204) | more than 6 years ago | (#24334243)

I did read the headline. Just because someone is capable of exploiting the system doesn't mean that's what happened.

Somehow I trust The Guardian slightly more than "Barence".

Re:It's not been hacked (0)

Anonymous Coward | more than 6 years ago | (#24338437)

Except perhaps in a meta sense. Demonstrating the frailty of a system results in a social hack (people freak out). The system of trust is hacked. ;)

Re:It's not been hacked (-1, Offtopic)

Jellybob (597204) | more than 6 years ago | (#24334269)

Oh... and chilled urine, or whatever I'm meant to say at seeing that no one else has commented yet ;)

Re:It's not been hacked (2, Interesting)

Anonymous Coward | more than 6 years ago | (#24334473)

dammit i forget my card one day, buy a day ticket and i could have gone for free all along!

i really don't get why people think the uk system is very vulnerable when the systems in europe (well paris, madrid, rome, barcelona anyway) are all based on magnetic strips which are much cheaper/easier to reencode than the oyster cards.

Re:It's not been hacked (1)

Archon-X (264195) | more than 6 years ago | (#24339617)

I can't speak for other European cities, but Paris has an implementation of an RFID-based card, running on the CALYPSO system.

In fact, it's now impossible to purchase the 'Carte Orange' - one must use a Navigo to purchase their normal weekly / monthly tickets.

That said, the mix of magnetic cards for single trips still exists, but flow problems are reduced by having Navigo-only entrances in most stations.

Re:It's not been hacked (1)

xaxa (988988) | more than 6 years ago | (#24343649)

London still has magnetic tickets too. They're either the expensive ones (double the cost of the journey with an Oyster card), or normal train tickets valid for a transfer through London, or rail season tickets valid for use on the Underground.

It is impossible to buy paper tickets where an Oyster ticket would do, except for the expensive tourist-gouging ones. The paper ones are essentially for compatibility with the rest of the country.

Re:It's not been hacked (3, Interesting)

pjt33 (739471) | more than 6 years ago | (#24334545)

I find myself wondering why Transys have to send any data. What do these "data tables" contain?

Re:It's not been hacked (3, Insightful)

Viol8 (599362) | more than 6 years ago | (#24334781)

Probably something to try and get around this hack that's appeared for MiFARE.

Do I believe all this happening now with Oyster is just a co-incidence given part of the hack was made public recently? Err, no, I bloody don't.

Re:It's not been hacked (1)

Rogerborg (306625) | more than 6 years ago | (#24335319)

That seems like a reasonable inference. I'd bet that someone is spitting "But it worked when we tested it in the lab!" at this very moment.

Re:It's not been hacked (1)

TheLink (130905) | more than 6 years ago | (#24337787)

My _wild_guess_ is that they probably screwed up the reconciliation checks.

I suspect that once in a period (day?) all the transactions are sent to a central site and the "correct" values for all the cards are calculated, and if cards deviate (too much?) from the expected value, they are flagged and put on a blacklist that is distributed everywhere.

Something went wrong somewhere - maybe not all transactions were sent in time (WAN, sneakernet failed), and someone still ran the checks and invalidation thingy _anyway_ when they shouldn't have, thus messing up tons of cards that were valid.

When such a system works, the hacking stuff doesn't matter at all, except for cases where people just use the tampered cards for only one day (or however long it takes for detection). If they require people to be identified before they can buy a card, that may deter tampering even further.

Of course, I could be totally wrong - this is just a wild guess after all :).
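The reconciliation scheme guessed at in the comment above, as an added example that is not part of the original thread and is not TfL or TranSys code: expected balances are recomputed centrally from uploaded reader batches, cards whose on-card value deviates are flagged, and the blacklist is only published when every expected reader has reported. All names, reader IDs, card IDs and amounts are constructed for illustration.

```python
"""Toy back-office reconciliation for stored-value cards (all names hypothetical)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Txn:
    reader_id: str    # gate or bus reader that logged the event
    card_id: str
    delta_pence: int  # negative = fare deducted, positive = top-up


@dataclass
class Report:
    complete: bool                                  # did every expected reader upload?
    missing_readers: set
    deviations: dict = field(default_factory=dict)  # card -> (expected, on_card)
    blacklist: set = field(default_factory=set)     # only filled when complete


def reconcile(opening, on_card, batches, expected_readers, tolerance_pence=0):
    """Recompute balances from uploaded batches and flag deviating cards.

    opening:  card_id -> balance at start of period (central record)
    on_card:  card_id -> balance last read from the card itself
    batches:  reader_id -> list[Txn] actually received for the period
    """
    missing = set(expected_readers) - set(batches)

    expected = dict(opening)
    for txns in batches.values():
        for t in txns:
            expected[t.card_id] = expected.get(t.card_id, 0) + t.delta_pence

    deviations = {}
    for card, seen in on_card.items():
        want = expected.get(card, 0)
        if abs(seen - want) > tolerance_pence:
            deviations[card] = (want, seen)

    # Guard: with a batch missing, honest cards look "wrong" because their
    # fares were never counted centrally. Report deviations for review, but
    # publish no blacklist until the data set is complete.
    complete = not missing
    blacklist = set(deviations) if complete else set()
    return Report(complete, missing, deviations, blacklist)


# --- constructed sample data -------------------------------------------------
EXPECTED_READERS = {"gate-1", "gate-2", "bus-7"}
OPENING = {"card-A": 1000, "card-B": 500, "card-C": 2000}
# card-C carries a tampered value; card-A and card-B are honest.
ON_CARD = {"card-A": 850, "card-B": 410, "card-C": 5000}
ALL_BATCHES = {
    "gate-1": [Txn("gate-1", "card-A", -150)],
    "bus-7": [Txn("bus-7", "card-B", -90)],
    "gate-2": [Txn("gate-2", "card-C", -150)],
}


def demo_complete():
    """Every reader uploaded: only the tampered card is blacklisted."""
    return reconcile(OPENING, ON_CARD, ALL_BATCHES, EXPECTED_READERS)


def demo_missing_batch():
    """bus-7 never uploaded: card-B deviates on paper but is not blacklisted."""
    partial = {r: b for r, b in ALL_BATCHES.items() if r != "bus-7"}
    return reconcile(OPENING, ON_CARD, partial, EXPECTED_READERS)


if __name__ == "__main__":
    for name, rep in (("complete", demo_complete()),
                      ("missing bus-7", demo_missing_batch())):
        print(name, "| complete:", rep.complete,
              "| deviations:", rep.deviations,
              "| blacklist:", sorted(rep.blacklist))
```

Without the completeness guard, the second run would blacklist card-B, a valid card whose only fault is that its bus fare never reached the centre.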

So... (-1, Redundant)

Oh no, it's Dixie (1332795) | more than 6 years ago | (#24334155)

They hacked an Oyster card that allows free travel for everyone?

Re:So... (4, Informative)

xaxa (988988) | more than 6 years ago | (#24335265)

If the system is a bit broken (i.e. some people's cards wouldn't work in the gates) they tend to open all the gates in all the stations to avoid congestion (most people, if their card/ticket doesn't work, try again, then again, then turn round to move away and are faced with 1000 people wanting to go the other way. It slows things down a lot.).

Re:So... (2, Funny)

cayenne8 (626475) | more than 6 years ago | (#24335779)

I prefer my oysters on the half shell, raw, with a bit of cocktail sauce (ketchup, horseradish, hot sauce, Worcestershire and a bit of lemon juice.).

Never tried having oyster 'cards' before....

:)

Re:So... (-1)

Anonymous Coward | more than 6 years ago | (#24337025)

Mods need to get a sense of humor.

Free Commute (1)

DJCater (877532) | more than 6 years ago | (#24334163)

Normally I find the Oyster Card system simple and reliable. At least I travelled into work this morning for free at about 10 am :-)

Re:Free Commute (3, Insightful)

Jellybob (597204) | more than 6 years ago | (#24334283)

Sadly I'm on a travelcard, so I still got to pay for the privilege, but at least I didn't have to queue up behind any tourists trying to work out how to get their suitcase through the barriers for once.

Re:Free Commute (2, Informative)

Xiaran (836924) | more than 6 years ago | (#24335911)

Right on. One of my pet hates. My other one is the person who has arrived at the barrier in front of me only to then realise that in order to go thru they will require an Oyster card. And then proceed for 2 minutes fumbling thru a purse, bag or jacket looking for one. Not thinking for an instant that perhaps they should move aside to do this, but rather just stand blocking the way for everyone else.

Re:Free Commute (1)

caluml (551744) | more than 6 years ago | (#24336573)

And how do you suggest that people cross London with rucksacks, bags, etc?

Re:Free Commute (0)

Anonymous Coward | more than 6 years ago | (#24336961)

With consideration for others.

Before automatic ticket barriers were introduced, you often had to show your ticket to platform staff - either way, you should have your ticket ready when you get to the barriers. If you've been sat on a train for 2 hours, there's plenty of time to fish your ticket out from the bottom of your bag, rather than wait until you're stood in front of the ticket barrier with your suitcase jammed across it.

Re:Free Commute (1)

rich_r (655226) | more than 6 years ago | (#24338023)

Outside the fskcin rush hour, kthxbai

Re:Free Commute (1)

Oktober Sunset (838224) | more than 6 years ago | (#24343845)

with a rucksack, you walk through with it on your back, with a suitcase, you stick it through the hole for suitcases, it's not difficult to work this out.

Re:Free Commute (1)

mdwh2 (535323) | more than 6 years ago | (#24344003)

I often travel through London with a rucksack. That doesn't stop me having my Oyster card ready for the machine, and I don't see why on earth it would. And if for some reason I didn't have it ready, I don't see how my rucksack would prevent me from stepping to one side.

Re:Free Commute (1)

Jellybob (597204) | more than 6 years ago | (#24358337)

I travel with a rucksack almost everywhere I go, and it's never been a problem for me. You touch your card on the reader and walk through.

If I have to take a suitcase with me, then I have the good sense to use the extra large gates designed to take suitcases through.

While I'm on the subject of underground hates, I hate weekends. Millions of tourists, and most of them don't seem to be able to read the signs saying "stand on the right" on every escalator, so it takes twice as long to get anywhere.

Re:Free Commute (1)

Skuld-Chan (302449) | more than 6 years ago | (#24340923)

Oh like you had no issues the first time you ever did this?

Re:Free Commute (1)

Jellybob (597204) | more than 6 years ago | (#24358359)

I certainly didn't. How hard is it to work out that when you approach the ticket barriers, you'll probably need a ticket to get through them?

I don't know about this... (4, Funny)

erroneus (253617) | more than 6 years ago | (#24334167)

...I'm not sure I can trust the news being provided in this case, but one thing is certain -- something smells fishy about this.

Re:I don't know about this... (3, Funny)

Anonymous Coward | more than 6 years ago | (#24334285)

Those Oyster crackers must be up to no good!

Re:I don't know about this... (1)

dreamchaser (49529) | more than 6 years ago | (#24335615)

Thanks for that post. It's always nice to find a pearl of wisdom here on /.

Re:I don't know about this... (1)

T3Tech (1306739) | more than 6 years ago | (#24340099)

Free oysters for all - no card needed? You're right, it would never happen.

What's really happening is.... (5, Funny)

benwiggy (1262536) | more than 6 years ago | (#24334213)

Can't you see, man? The Underground *wants* to be free!

details briefly leaked on website Wikileaks? (1)

iminplaya (723125) | more than 6 years ago | (#24334239)

What, was it taken down? By whom? What's up with that?

Wikileaks problems? (4, Interesting)

wile_e_wonka (934864) | more than 6 years ago | (#24334255)

details briefly leaked on website Wikileaks

What? "briefly" leaked? Does this mean Wikileaks removed those details? I thought that was against Wikileaks policy.

No cards will be corrupted this time .... (4, Interesting)

Aceticon (140883) | more than 6 years ago | (#24334345)

... bullshit.

This morning when I was exiting from the destination tube station (the system crashed while I was traveling) there was both one guy shouting and announcements through the information system telling us not to "touch out your card" (meaning, don't have it read by the reader).

If there is no risk of the cards being corrupted, why were they giving us those instructions?

Re:No cards will be corrupted this time .... (2, Informative)

FlyingBishop (1293238) | more than 6 years ago | (#24334489)

Because there's an obviously increased chance of corruption if something is fucked up with the system, and there's no reason to swipe a card if you're riding for free, even if, logically, swiping your card should have no effect.

Any sysadmin knows that any action can have unforeseen repercussions when the system's in perfect shape. No reason to tempt fate.

Re:No cards will be corrupted this time .... (2, Interesting)

Anonymous Coward | more than 6 years ago | (#24334605)

Not touching out means you pay the maximum possible fare for your journey rather than the actual fare.
It's one way to recoup the cost of having to open the gates I suppose.

Re:No cards will be corrupted this time .... (1)

Jellybob (597204) | more than 6 years ago | (#24334773)

The last information I saw was that if you got hit with the maximum fare while the gates were open, they'll refund automatically.

Of course whether that happens or not is a different question.

Re:No cards will be corrupted this time .... (2, Informative)

RalphSleigh (899929) | more than 6 years ago | (#24337997)

I was refunded when I had an incomplete journey due to the problem a couple of weeks ago, I got an email even saying I would be refunded next time I touched in at my 'home' station (auto topup only tops up at your home station you designate, maybe any station would refund you if it were not enabled on your card).

Re:No cards will be corrupted this time .... (1)

jrumney (197329) | more than 6 years ago | (#24343605)

Oh great, I no longer live in London, but I was in for the Saturday a couple of weeks ago when the first problem happened, and as I touched out at Waterloo got a red light come up saying "Seek Assistance", so I presume my card was affected. So now I have to go to the station in outer London I nominated as my home station 5 years ago to get my refund?

Re:No cards will be corrupted this time .... (1)

Jellybob (597204) | more than 6 years ago | (#24358395)

Try calling TFL's Oyster line on 0845 330 9876 - it depends who you get put through to, but I've often had some incredibly helpful people there.

Incidentally, the travel information line are really good at giving directions to the nearest bus home when you're wandering around London, drunk and lost, at 3 in the morning!

Re:No cards will be corrupted this time .... (3, Informative)

Jellybob (597204) | more than 6 years ago | (#24334649)

Because last time this happened, people's cards did get corrupted. I think it's more likely that the staff in that station decided not to take any chances, and tell people not to put their cards near the readers just in case.

Certainly at the station I was going through the only instructions given were to go straight through the barriers, but we weren't warned about not using the readers.

Re:No cards will be corrupted this time .... (1)

jrumney (197329) | more than 6 years ago | (#24335835)

They do this when there are faults during rush hour to keep people flowing. Otherwise someone inevitably stands at the gate waiting for the green light after they touch their card to the dead Oyster reader and within seconds there is a massive queue behind them.

Re:No cards will be corrupted this time .... (0)

Anonymous Coward | more than 6 years ago | (#24342831)

I'm sure that's it. As a tourist in London, I loved the underground, but the gates were a problem. Pause for two seconds to figure out what you are doing and you create a huge jam. Still, it only took a couple trips before we went through without slowing down like the natives.

If it isn't working... (5, Funny)

Anonymous Coward | more than 6 years ago | (#24334367)

Guide for IT Managers When Deciding Blame.

1. Hackers did it! If hackers couldn't have done it...
2. Disgruntled employees did it! If disgruntled employees couldn't have done it...
3. It's the vendor's fault! If the vendor couldn't have done it...
4. It's our fault.

Now... Reverse the list and that's what really happened.

Re:If it isn't working... (0)

Anonymous Coward | more than 6 years ago | (#24334407)

I don't think anyone is blaming them for giving them free metro rides?

Re:If it isn't working... (5, Funny)

Coraon (1080675) | more than 6 years ago | (#24335059)

reminds me of my first day as an IT lead: The old lead as he is leaving hands me 3 envelopes and says that if I run into a problem that the bosses have to call me on open the first envelope, if it happens again the second and if it happens one more time open the 3rd. The first one told me to blame it on him, the second said to blame it on the team and lay a few people off. The third says "make 3 new envelopes..."

Re:If it isn't working... (1)

qoncept (599709) | more than 6 years ago | (#24335213)

1. There's nothing wrong! If something is wrong...
2. Hackers did it! If hackers couldn't have done it...
3. Disgruntled employees did it! If disgruntled employees couldn't have done it...
4. It's the vendor's fault! If the vendor couldn't have done it...
5. There's nothing wrong.

Fixed.

Re:If it isn't working... (1)

Opportunist (166417) | more than 6 years ago | (#24335697)

4. is wrong. It should read

4. The reasons still examined, we will report findings when we have them.

(wait 4 weeks and nobody will bother to ask anymore, because someone from the Royal family made some blooper again)

Re:If it isn't working... (1)

petes_PoV (912422) | more than 6 years ago | (#24336279)

Number 4 should read:

It's the wrong kind of snow/sun/rain/wind

After that comes excuses like insufficient funding, "aggressive timescale", "thousand year" flood/drought/temperatures,

But never, ever could it be our fault.

3 groups have cracked MIFARE, say BBC (3, Interesting)

internewt (640704) | more than 6 years ago | (#24334457)

This article on the BBC site:
http://news.bbc.co.uk/1/hi/technology/7516869.stm [bbc.co.uk]
Says in the last line

The Dutch group is one of three known to have cracked the Mifare Classic technology.

I haven't heard any other reports of other groups having confirmed to have cracked this system, so does anyone else know what the BBC are on about? But if they are right, then it's pretty safe to say that people have been running about with cloned oyster cards for a while.

Unfortunately there don't seem to be any real details of how the copying is done, but I do wonder if the copying process is as simple as that if you can read a card you can clone it? If that's the case, if you need a new card (you will every 24 hours from what I've seen if you're using cloned cards), you just bump into someone on the way into a station with a reader about your person and clone theirs!

With there being two major fuck ups of the oyster system in 2 weeks, I am thinking that someone is really trying to make changes to the oyster system that it can't cope with...... and they would only try and really push the system if copying the cards is actually really easy, or they already have a problem with cloned cards that they're not talking about.

Re:3 groups have cracked MIFARE, say BBC (2, Interesting)

Yvanhoe (564877) | more than 6 years ago | (#24335469)

Unfortunately there don't seem to be any real details of how the copying is done, but I do wonder if the copying process is as simple as that if you can read a card you can clone it?

From what I have read, you can gather enough information to clone a card through two different ways:
* Eavesdropping the communication between the attacked card and the reader (completely passive)
* "Bumping" into someone with a reader that will fake official readers and ask the card for an ID and a challenge. The challenge is easy to brute force because of a flaw in the randomness generator.

Re:3 groups have cracked MIFARE, say BBC (1)

AmiMoJo (196126) | more than 6 years ago | (#24336267)

What happens to cards that were corrupted? Oyster is a stored value card, in other words you put money "on" it... so if it gets corrupted, you lose your money?

Re:3 groups have cracked MIFARE, say BBC (1)

xaxa (988988) | more than 6 years ago | (#24336619)

What happens to cards that were corrupted? Oyster is a stored value card, in other words you put money "on" it... so if it gets corrupted, you lose your money?

My card wasn't corrupted, but AFAIK they were replacing cards and transferring any stored value to the new card.

The cards have an ID number, if you go to the Oyster website you can see the balance of your card (and put more credit on it).

Re:3 groups have cracked MIFARE, say BBC (1)

Ogi_UnixNut (916982) | more than 6 years ago | (#24338067)

I have read/heard about people cloning Oyster RFID cards for a few years now. The only new thing this time round is that someone cracked the encryption, allowing them to actually make modifications, rather than just straight cloning. As such I assume the ability to read/write to the cards is already well established and reliable, now people are seeing what they can do when modifying the data. As far as I know the Oyster system can only take "top-ups" of about 50 pounds, perhaps someone has been trying to use larger sums, which would cause problems with a system not designed for that input.

your eyes are hypnotizing me (-1, Redundant)

Anonymous Coward | more than 6 years ago | (#24334533)

I cannot speak

false reports wikileaks forced to remove paper (2, Informative)

cohomology (111648) | more than 6 years ago | (#24334547)

Wikileaks posted the wrong paper, realized it, and took it down. The paper they had was published quite openly on the arxiv.org archives:

http://arxiv.org/abs/0803.2285 [arxiv.org]

Read Wikileaks' own discussion of the event:

http://wikileaks.org/wiki/Talk:Censored_Milfaire_Classic_Oyster_Card_break_paper_2008 [wikileaks.org]

Please mind the gap... (3, Funny)

jwiegley (520444) | more than 6 years ago | (#24334685)

between your card and our security.

Maybe somebody can convince Emma Clarke [wikipedia.org] to provide us a nice cheeky voice-over for these sort of situations?

Just underground barriers (2, Informative)

Kingston (1256054) | more than 6 years ago | (#24334875)

Unlike the crash two weeks ago that affected all Oyster readers and even corrupted the cards of people making top up payments, this seems to just have affected London Underground barriers this morning for pay as you go customers. "Oyster card readers on London Buses and on the Tram network have been unaffected." [bbc.co.uk]

Re:Just underground barriers (1)

internewt (640704) | more than 6 years ago | (#24335443)

As I understand it, the buses (and presumably trams) only exchange data with the big brother network at the depot.... so if a bus goes out with a working Oyster reader thing, then (in theory) it'd work all day even if the rest of the oyster network fucks up whilst the bus is out.

Re:Just underground barriers (2, Interesting)

Jellybob (597204) | more than 6 years ago | (#24335553)

Yeah, that's the theory. In practice it seems that if a bus goes out with a working Oyster reader, it'll die by the end of the day ;)

I've lost count of the number of times that I've been told to just get on, because the reader isn't working.

Re:Just underground barriers (1)

_Shad0w_ (127912) | more than 6 years ago | (#24336959)

Likewise. But then I'm also losing track of the number of times I have to touch the damn card against the reader on buses and barriers before the damn thing works.

Re:Just underground barriers (1)

Jellybob (597204) | more than 6 years ago | (#24358305)

You probably need a new card then - I keep mine in my wallet and never even take it out.

I'll very occasionally have a problem if my company ID (which also has an RFID chip in it) gets in the way, but that only happens every few months.

Re:Just underground barriers (1)

_Shad0w_ (127912) | more than 6 years ago | (#24358687)

Yeah, I keep meaning to get a new one. Will probably end up doing it on the way in to work when I get to Liverpool Street tomorrow.

Mine stays in my rail ticket wallet - usually it never comes out either. It's no different to keeping it in the wallet it comes in really.

Re:Just underground barriers (0)

Anonymous Coward | more than 6 years ago | (#24343739)

Maybe the bus was too hot and the oyster had gone bad?

Oyster cards not working for you? (2, Funny)

sjonke (457707) | more than 6 years ago | (#24334885)

You could always try the Spanish fly card

Operator Error (4, Funny)

Shadow Wrought (586631) | more than 6 years ago | (#24334979)

Someone set the reader from "Oyster" to "Clam." No word yet on whether or not other vendors will attempt to mussel into the market.

Re:Operator Error (1)

martin_henry (1032656) | more than 6 years ago | (#24335189)

So in other words, the Oyster system was smashed to pieces.

Re:Operator Error (5, Funny)

Golygydd Max (821422) | more than 6 years ago | (#24335347)

Do you think they used Perl?

Re: Obligatory - Operator Error (1)

n0084ever (1042786) | more than 6 years ago | (#24337961)

... on windows, no less

Re:Operator Error (1)

aproposofwhat (1019098) | more than 6 years ago | (#24335691)

Eventually some bright spark will winkle out the truth, though hacking travel cards does seem kind of shellfish.

I'll be using mine later today to go and watch some barnacle boxing - hope I'm not all abalone :P

The problems even the balance between us and them. (2, Interesting)

theMassOfToe (1185695) | more than 6 years ago | (#24335311)

The Oyster card system requires you touch your card at the start and end of your journey, or it defaults to charging the maximum fare (which is a lot - now about £4.00 I think).

But there are cases outside the norm where this penalty is charged unjustly - like on the way to a special event when the tube's packed, or when you forget something and have to leave the station without travelling. The fare/penalty is charged automatically and you might not even notice, but of course to get it refunded you have to phone a helpline with all the usual crap to go through, so you end up being out of pocket.

The system is absolute and doesn't allow leeway for people's imperfect/unexpected behaviour. A few breakdowns on TFL's side are only fair therefore, as they help even the financial balance a bit.

Re:The problems even the balance between us and th (1)

internewt (640704) | more than 6 years ago | (#24338145)

Yeah, 4UKP is quite a bit of money, but I think it is at the price point where people are likely to go "fuck it", when the prospects of getting it back involve calling an 0845 (non-free) number and dealing with a call centre staffed by bureaucrats.

Even if your journey was only a quid (is there a journey that cheap in London? Around here I think the cheapest bus ride is over a quid these days), you're then ringing up for a 3 pound refund. The telephone call will be cheap, but will still have a cost directly proportional to the length of the call. The minimum wage in London is 7.20UKP per hour (I think, but it is more than the national minimum wage), and obviously there are lots of people earning more than that.... even for those on the lowest pay, ringing up for a refund might not even be worth their time depending on the size of the refund, what their bosses are like about spending time on the phone when at work, and the opening hours of the call centre!

Re:The problems even the balance between us and th (1)

Doug Neal (195160) | more than 6 years ago | (#24341761)

Even if your journey was only a quid (is there a journey that cheap in London? Around here I think the cheapest bus ride is over a quid these days)

A bus ride on Oyster is 90p, regardless of how many stops you stay on for. Quite a cheap, although usually unpleasant, experience :D

Re:The problems even the balance between us and th (1)

soliptic (665417) | more than 6 years ago | (#24342139)

But there are cases outside the norm where this penalty is charged unjustly ... when you ... leave the station without travelling.

When this happened to me

to get it refunded you have to phone a helpline with all the usual crap to go through, so you end up being out of pocket.

I just spoke to a member of staff and he went to the machine and refunded it on the spot, no questions asked.

Admittedly, though, staffing levels / hours are not exactly stellar.

Sonic Problem in the Oyster System. (3, Funny)

jameskojiro (705701) | more than 6 years ago | (#24335513)

It crashed because some schmuck needed a free ride on the subway and instead of using his psychic paper to get past the check point the idiot used his sonic screwdriver to bypass the system and crashed the servers. Don't blame the hackers, blame the police call box traveling schmuck who needed to be on the other side of London so he could save the world, again.

 

Re:Sonic Problem in the Oyster System. (1)

ScrewMaster (602015) | more than 6 years ago | (#24335831)

Don't blame the hackers, blame the police call box traveling schmuck who needed to be on the other side of London so he could save the world, again.

That was ... who did you say?

Bit of an understatement ... (3, Insightful)

ScrewMaster (602015) | more than 6 years ago | (#24335755)

During the court action, details briefly leaked on website Wikileaks.

Details don't just "briefly leak" on the Internet.

Establish Some Baseline Facts! (2, Interesting)

Anonymous Coward | more than 6 years ago | (#24336117)

Card hacks like this are a total waste of everyone's time including the researchers!

I don't know the specifics of the Oyster system, but I promise you the card is very, very dumb. So dumb the possibility of 65,000 cards being corrupted in one time is not the card's fault.

How can I possibly know that? Well, if the submitter knew anything about value transfer cards, he would know that cards that store value require microseconds to transfer the value. Those microseconds translate into the rider having to -stop and wait- in order to transfer value. Which all mass transit riders know would be an absolute mess. So, the card carries, at most, a disguised unique ID with all the value transfer happening on some backend.

Now, the backend voiding 65,000 cards is easily possible. It's gross mismanagement on the part of the person publicly communicating the issue that they are describing the cards as broken.

Finally, how much does one stand to make cracking a transit system at the subway level? Not much at all. Steal a few rides? Let's say you want to mass-produce your hack, where are you going to get the cards for that? Those are two simple issues. There are many others....

This leads me to believe there are political forces at work regarding a new service/IT contract for the system if the story gets more attention than a summary on slashdot.

Check into Chevron paypass crack. This is actually do-able by someone well-grounded in rf electronics. To give you an idea of how bad that system is, you send the receiver odd keys (FFFFFFFFFF) to discover facts about the weak encryption. Which is *exactly* why every self-respecting American geek should avoid paypass and the contactless Visa/Mastercards like the Black Plague.

Re:Establish Some Baseline Facts! (2, Interesting)

xaxa (988988) | more than 6 years ago | (#24336833)

Card hacks like this are a total waste of everyone's time including the researchers!

I don't know the specifics of the Oyster system, but I promise you the card is very, very dumb. So dumb the possibility of 65,000 cards being corrupted at one time is not the card's fault.

How can I possibly know that? Well, if the submitter knew anything about value transfer cards, he would know that cards that store value require microseconds to transfer the value. Those microseconds translate into the rider having to -stop and wait- in order to transfer value. Which all mass transit riders know would be an absolute mess. So, the card carries, at most, a disguised unique ID with all the value transfer happening on some backend.

Not true, at least for the Oyster card. It stores a value as well as an ID. There are several thousand buses in London, each with an Oyster reader, and no reliable, fast way to access a central database (of several million cards) from the buses.

When you add credit to a card, you touch the card to the ticket machine, insert coins, press the "I'm done" button, and then touch the card again -- further demonstrating that the card has more than an ID, it needs to be updated to know how much money has been added to it.

Which is *exactly* why every self-respecting American geek should avoid paypass and the contactless Visa/Mastercards like the Black Plague.

I'm interested in the contactless VISA/MasterCard, I'll get one as soon as I'm offered one. But here, they guarantee to refund any transactions not made by the cardholder.

Re:Establish Some Baseline Facts! (1)

mpapet (761907) | more than 6 years ago | (#24338709)

Not true, at least for the Oyster card. It stores a value as well as an ID. There are several thousand buses in London, each with an Oyster reader, and no reliable, fast way to access a central database (of several million cards) from the buses

You don't have any way of knowing *how* value is stored.

The bus info should not be construed to suggest that the AC is wrong. I'd be interested to know how long one of those bus transactions takes. If it's a true offline transaction, it would be pretty slow to complete a bus rider boarding/paying with an Oyster card event. Cost-wise, it is cheaper to pay to install a mobile phone modem on the bus than issue transit cards that store value.

Unless you have intimate knowledge of transit card systems, don't leap to the conclusion that the Oyster card does offline transactions.

Re:Establish Some Baseline Facts! (1)

shilly (142940) | more than 6 years ago | (#24342233)

A bus transaction takes on the order of a tenth of a second -- you pass the card in front of the reader and hear a beep.

Re:Establish Some Baseline Facts! (1)

mpapet (761907) | more than 6 years ago | (#24345779)

A bus transaction takes on the order of a tenth of a second -- you pass the card in front of the reader and hear a beep

therefore there's little chance it's performing an actual offline value transfer. The reason they can do this is that by the time the update to the backend occurs, you haven't gotten off the bus.

The risks of storing value and performing the value transfer offline are too high for mass transit systems.

Re:Establish Some Baseline Facts! (2, Interesting)

soliptic (665417) | more than 6 years ago | (#24342381)

I admit I have effectively zero knowledge, let alone intimate knowledge, about transit card systems, but I'm fairly sure xaxa is correct. I'm fairly sure I remember reading that Oyster was asynchronous, i.e. value was stored "distributed" on the cards, not on a single centralised/trusted database.

This tallies with reality, I can jump off a bus, onto another, then quickly off that and head straight into the tube, and the tube barrier will reflect the money I just spent on the buses. Without fail. There's clearly no way the buses have "docked" at the depot, and would these mobile phone modems be "always on"? It doesn't seem right to me. There are 8000 buses, which are actually owned/operated by a multitude of sub-contracted private companies, it seems like storing value on the card would be an easier proposition than relying on all those mobile phone modems staying permanently connected? On the flipside, it would be pretty slow to complete a bus rider boarding/paying with an Oyster card event - how slow are we talking about here? The AC talks of "microseconds", which is no problem at all, the Oyster generally does need to make fairly decent 'contact' with the reader, a highly vague/fast dab will often fail to read. I'd easily call it a 10th of a second 'pause' as you swipe - be generous, call it a 20th - that's still 50 microseconds, isn't that enough to transfer a single currency value?

That's genuine curiosity in those questions, btw, not rhetorical hostility. Like I said, I don't know much about this stuff and happy to learn, but I do remember reading it was on the card...

WP says, incidentally:

The system is asynchronous, with the current balance and ticket data held electronically on the card rather than in the central database. The main database is updated periodically with information received from the card by barriers and validators. Tickets purchased online or over the telephone are "loaded" at a preselected barrier or validator.

But when I say read, I mean somewhere more 'solid' than WP... Can't find a reference now...

good question! (2, Informative)

mpapet (761907) | more than 6 years ago | (#24345859)

I commend your request for facts and very civil tone in questioning my proposals.

"Asynchronous" is an online payment. Consider the transactions "buffered" such that by the time you reach the next access control point, the last transaction has cleared.

I'd easily call it a 10th of a second 'pause' as you swipe - be generous, call it a 20th - that's still 50 microseconds, isn't that enough to transfer a single currency value?

No. The chip inside the card is a *very* low-power, low-bandwidth chip with no encryption capabilities on its own.

To do a true offline payment, one has to do quite a bit of encryption/decryption functions on-card. Contactless is neither powerful enough nor cheap enough to make it viable.

Another tip of the hat to you for sticking to the issue and challenging my side of the story. I wish more people would behave as you do.

Re:Establish Some Baseline Facts! (1)

xaxa (988988) | more than 6 years ago | (#24343777)

Transaction on a bus: http://www.youtube.com/watch?v=ByT-tZbVZ3A [youtube.com] (with a card where the plastic has been dissolved away, but no matter)

Transaction in a station: http://www.youtube.com/watch?v=3lBB4k-jLz0 [youtube.com]
In general, it's fast enough that you only need to slow down if you're walking quickly.

I don't remember where I got the information I posted, but I think it might have been from the video linked to in this comment: http://hardware.slashdot.org/comments.pl?sid=625801&cid=24334729 [slashdot.org] -- if not, it was one of the leaked papers.

Re:Establish Some Baseline Facts! (1)

AdamInParadise (257888) | more than 6 years ago | (#24365247)

How can I possibly know that? Well, if the submitter knew anything about value transfer cards, he would know that cards that store value require microseconds to transfer the value. Those microseconds translate into the rider having to -stop and wait- in order to transfer value. Which all mass transit riders know would be an absolute mess. So, the card carries, at most, a disguised unique ID with all the value transfer happening on some backend.

This is incorrect. The Oyster card is a Mifare card, i.e. it stores records and protects them through a secure session algorithm. This means that the value of an Oyster card is actually stored in the card. When the card is presented to a gate, the gate actually authenticates the card and its content. The value is probably also stored in a server somewhere, but that's probably only used for fraud detection.

Now, Mifare cards are pretty old hat and their cryptographic algorithms are weak. But better "fare collection systems" do exist. For example, the Calypso system (used in Paris, Brussels and a number of other cities) is based on DES (with 3DES available in the last spec) and ISO9797. And by the way, a Calypso application running in a Java Card is actually fast enough to replace old, proprietary cards like Mifare cards. Speed is not an issue anymore.
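
The asynchronous design described in the Wikipedia excerpt quoted earlier in the thread and in the comment above (balance held on the card, central database updated later, server used for fraud detection) can be sketched as a backend reconciliation pass. This is an added example, not part of any comment and not TfL's system; the record fields, the per-card transaction counter and the sample uploads are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of records uploaded later by offline readers.
# Fields: card id, per-card transaction counter (assumed), balance the reader
# found on the card, amount in pence (negative = fare), balance written back.
UPLOADS = [
    ("card-A", 1, 0, 1000, 1000),    # top-up
    ("card-A", 2, 1000, -90, 910),   # bus fare
    ("card-A", 3, 910, -90, 820),
    ("card-B", 1, 0, 500, 500),
    ("card-B", 2, 500, -150, 350),
    ("card-B", 3, 2000, -150, 1850), # balance rose with no top-up on record
    ("card-C", 1, 0, 500, 500),
    ("card-C", 3, 410, -90, 320),    # counter 2 still sitting on a bus reader
    ("card-D", 1, 0, 500, 500),
    ("card-D", 2, 500, -90, 410),
    ("card-D", 2, 500, -150, 350),   # counter reused: clone or restored dump
]

def reconcile(uploads):
    """Replay each card's records in counter order; return {card: [(kind, ctr)]}."""
    by_card = defaultdict(list)
    for rec in uploads:
        by_card[rec[0]].append(rec)
    findings = {}
    for card, recs in by_card.items():
        recs.sort(key=lambda r: r[1])
        issues, prev = [], None
        for _, ctr, before, amount, after in recs:
            if before + amount != after:
                issues.append(("bad-arithmetic", ctr))
            if prev is not None:
                prev_ctr, prev_after = prev
                if ctr == prev_ctr:
                    issues.append(("duplicate-counter", ctr))
                elif ctr > prev_ctr + 1:
                    issues.append(("gap-pending", ctr))   # late upload, not fraud
                elif before != prev_after:
                    issues.append(("balance-mismatch", ctr))
            prev = (ctr, after)
        findings[card] = issues
    return findings

def suspects(findings):
    """Cards with anything worse than a late upload, queued for review."""
    return sorted(c for c, issues in findings.items()
                  if any(kind != "gap-pending" for kind, _ in issues))

if __name__ == "__main__":
    for card, issues in reconcile(UPLOADS).items():
        print(card, issues or "ok")
    print("review:", suspects(reconcile(UPLOADS)))
```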

Hong Kong's Octopus card (2, Interesting)

Naito (667851) | more than 6 years ago | (#24336637)

This Oyster card seems like a bad rip off of Hong Kong's Octopus card [wikipedia.org] system. Why didn't they just use that anyway? NIH syndrome?

Re:Hong Kong's Octopus card (1)

mpapet (761907) | more than 6 years ago | (#24338779)

Because each municipality generally tends to set up their own system because their transit systems are totally different.

There is no "one size fits all" transit system.

Britain Has Free Health Care, Why Not Free Travel? (0)

Anonymous Coward | more than 6 years ago | (#24337931)

Is it because you don't want to wait four months for a bus?

Make public transportation FREE (1)

Charbax (678404) | more than 6 years ago | (#24339305)

The solution to this problem is quite simple, just leave the gates to the subway permanently opened. Pay for public transportation through CO2 taxes on the most polluting cars and airplane travel. At least, dear London, make it a two week trial, to make all public transportation free. Then measure the CO2 level decreases that would generate for the whole city. You will probably see that a simple freeing up of public transportation reduces transport-related CO2 levels by as much as 30% at one time. You want to reduce CO2 emissions? This is the way to do it. This is the story of how hackers saved the environment.

Re:Make public transportation FREE (1)

xaxa (988988) | more than 6 years ago | (#24343715)

Except that it's already very full, and it's already cheaper than driving (£8 congestion charge if you drive to the centre of London, plus paying to park somewhere).

I think they should reduce the price even more on under-utilised sections, it's already cheap to take the tube around outer London (only the central bit remains busy all day) but they could do the same for buses.

Briefly Leaked? (1)

Nom du Keyboard (633989) | more than 6 years ago | (#24341371)

During the court action, details briefly leaked on website Wikileaks.

How do you briefly leak something onto Wikileaks? Once something gets there it's pretty much there to stay, as several recent plaintiffs have found out.
