Back in July, some researchers at the Radboud University in Holland discovered a way to hack the RFID chip used in a number of mass transit cards worldwide, including London’s Oyster card.
The company behind the card, NXP, attempted to get a court order preventing them from doing so, but failed. Out of generosity, the researchers offered to wait until October to publish their findings, giving NXP time to develop a fix. It’s unclear whether they’ve managed to do so or not, but the research has now been published.
The flaw in the RFID chip allows anyone to copy or change the details within the chip. This means that cloned cards can be made, and the amount of credit on a card can be altered too. The researchers visited London earlier this year to test out their hack, and successfully cloned an Oyster card.
TFL, however, spotted the breach. Director of fares and ticketing, Shashi Verma, said: “We knew about it before we were informed by the students.” The Director also said that TFL has a number of other security measures, and it will continue to improve and update them as time goes on.