Feeds

Dutch university can publish controversial Oyster research

Freedom of speech trumps all

Choosing a cloud hosting partner with confidence

Dutch researchers will be able to publish their controversial report on the Mifare Classic (Oyster) RFID chip in October, a Dutch judge ruled today.

Researchers from Radboud University in Nijmegen revealed two weeks ago they had cracked and cloned London's Oyster travelcard and the Dutch public transportation travelcard, which is based on the same RFID chip. Attackers can scan a card reading unit, collect the cryptographic key that protects security and upload it to a laptop. Details are then transferred to a blank card, which can be used for free travel.

Around one billion of these cards have been sold worldwide. The card is also widely used to gain access to government departments, schools and hospitals around Britain.

Chipmaker NXP - formerly Philips Semiconductors - had taken Radboud University to court to prevent researchers publishing their controversial report on the chip during a the European computer security conference in Spain this autumn. Spokesperson for NXP Martijn van der Linden said that publishing the report would be "irresponsible" - understandably, the company fears criminals will be able to attack Mifare Classic-based systems.

However, the judge today ruled that freedom of speech outweighs the commercial interest of NXP, as "the publication of scientific studies carries a lot of weight in a democratic society".

The researchers have always said they don't intend to include details of how to clone the card and that publications could prevent similar errors occurring in the future. NXP says it is disappointed with the ruling. ®

Security for virtualized datacentres

More from The Register

next story
UK smart meters arrive in 2020. Hackers have ALREADY found a flaw
Energy summit bods warned of free energy bonanza
DRUPAL-OPCALYPSE! Devs say best assume your CMS is owned
SQLi hole was hit hard, fast, and before most admins knew it needed patching
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Mozilla releases geolocating WiFi sniffer for Android
As if the civilians who never change access point passwords will ever opt out of this one
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
How to simplify SSL certificate management
Simple steps to take control of SSL certificates across the enterprise, and recommendations centralizing certificate management throughout their lifecycle.