Cloned cards already in use in London?
The last couple of weeks have been a laugh a minute for me, at the Oyster big brother system and their corporate suppliers.
2 weeks ago a Uni announces they have figured out how to clone the cards. This means that the type of cards they cloned have been clonable since they have been on the market, even though the manufacturer claimed otherwise.
1 week ago the Oyster card system breaks in London, early on a Sunday morning. I assume this is the quietest time for TFL? If so, I guess the break was caused by the roll out of a patch or update. And I wonder what that patch did? Perhaps it was to try and mitigate the effects of possibly cloned cards?
The way the Oyster cards work is that the card itself holds the credit, so when you use an Oyster card it doesn't go away to a central point to confirm yes or no, like credit^W debt cards do. This means that if you were able to clone Oyster cards the clone would probably work successfully for quite a while. I bet the backend systems were not designed to take real-time authorisation checks, so if the change TFL made added this, or even just real-time auth for every 100th card presented, the central servers could have croaked it, killing the whole system for a several hours.
Of course, the Oyster maker's attitude of wanting security through obscurity overlooks a glaring piece of logic: If those Dutch researchers could figure out how to clone the cards, then other people also would be able to. It stands to reason that cloned cards are already being used.
Personally I am happy that the Oyster card thing is being toppled. Yeah, I know it adds convenience to travelling in the big smoke, but the tracking abilities it provides are horrific, and to me doen't make the system worthwhile. And the implementation in London means that the beaurocrats will always win if there is a dispute over fares and fines etc..