The Oystercard is an electronic debit card that has all but replaced tickets on the London tube and bus transport systems. It allows users to put money on the card and deducts from this credit as the card is used to enter and exit the underground and buses. The system is fast and unobtrusive and almost everyone who uses London public transport has one. Every day millions of pounds are being put on these cards and taken off again as Londoners move about their city. The security mechanisms that are supposed to be keeping these millions (your money ultimately!) safe have now been shown to be, frankly, utter crap.
So the Oystercard has been definitely compromised. It's fundamentally broken and needs to be replaced by new technology concepts. Independent experts warned about this back in 2004, so there are no excuses for being all surprised now. Then they warned again in 2005 and last December at the Chaos Computer Club international IT conference in Berlin. Now an attack on the lackluster security system of the London Oystercard has been demonstrated in practice, last April, by a group of Dutch researchers who were investigating the same technology that was about to be implemented nationally in the Netherlands. "The Oystercard system uses the same chip and has the same basic vulnerabilities" according to Professor Bart Jacobs of the Computer Science faculty of Nijmegen University.
After the publication of some of the inner workings of the data-encryption mechanism of the chip used in the Oystercard last December in Berlin, a fully operational breach was predicted by many experts. With the basic knowledge of the inner workings of the chip available online for anyone to see, implementing a working attack against the system was just a matter of time. The Dutch research group has been able to clone the funds on an Oystercard to another Oystercard. This provides an at-home top-up mechanism allowing essentially free travel in the greater London area after an initial investment of 10 pounds plus a few blank Oystercards at 3 pounds each. Since the required devices and software are pretty much free today, or will be in the near future (at most a few months from now), the London Transport Authority needs to get moving on this or accept that they will be providing free travel for those capable of using a laptop and a high-end mobile phone (and all their friends).
The system's failure bears all the classic hallmarks of public-sector IT screw-ups. Basing your security mechanism on trying to keep the inner workings of such a system a secret while at the same time distributing 12 million copies of said system into the hands of the public is, frankly, insane. Does anyone think a handful of engineers locked in a room at Philips can come up with a system clever enough so that the combined expertise of 1 billion Internet users cannot defeat it? One has to wonder what they were smoking that day. Then there are bonus points for ignoring repeated warnings from independent experts for several years.
Among security professionals it is considered scripture that the only systems that can be trusted are those that have been tempered in the fire of public scrutiny. No one is as clever as everyone, and with a few million interested specialists online there is nowhere to hide for a system containing design flaws. Flaws are always found sooner or later, and most often sooner. One would think that after six decades of spectacular failures the method of keeping a system secure by trying to hide its inner workings (known in the security trade as 'security by obscurity') would be utterly invalidated. The Germans used this method for their supposedly secure communications using the Enigma machine in World War 2. It cost them the battle for the Atlantic and ultimately the war (ok, ok, attacking Russia in August without winter coats for the troops was not a smart move either). More recently a $400 million DVD encryption method was broken by a 16-year-old Norwegian hobbyist.
The Dutch system will probably not be implemented in its current form, but the London system is already operational with an estimated 12 million people using the card. For the sake of the financial stability of the tube system one can only hope that clever engineers have already been working on a solution that can be implemented quickly. But I'm not holding my breath.
The Times picked up the story, and has a writeup of the wider security implications (access cards to buildings and such).