Feeds

Coventry fans blue over 'hackable' cashless payment system

Sick as a parrot

Protecting against web application threats using SSL

Coventry City fans are worried about the security of a cashless payment card introduced at the football club's Ricoh Arena stadium this season.

The system, intended to reduce the time fans spend queuing at matches paying for food and beverages, is one of the first of its kind. However the technology behind the SkyBluePass is based on the MiFare Classic RFID chip, the same system used by Transport for London's Oyster card.

A security paper due to be presented at a conference in October will show how it might be possible for a hacker to use a wireless RFID sniffer device to read an Oyster card and use this data to create a cloned counterfeit version that can be used as if it was the original.

A member of the team who conducted research into the possibility of hacking the Oyster card confirms that the Ricoh Arena card is based on the same technology as Oyster and is therefore potentially subject to the same security flaws. Peter van Rossum, of Radboud University in The Netherlands, came to this conclusion after examining a Ricoh Arena card sent to him after El Reg put him in touch with Coventry City fan Ben Darlow, who was the first to raise concerns about the technology.

"The [SkyBluePass] card is indeed a Mifare Classic; the 1K variant, to be precise - that's the most commonly used variant. Except for a few sectors, that likely don't contain sensitive data, all sectors are encrypted. Of course, an attacker can decrypt them if he listens in on a communication between a reader and a tag, but without a reader this is as far as I can get," van Rossum said.

"There are ways that the system can make this harder for an attacker, but I've never seen a system where that's actually being done," he added.

van Rossum added that the use of the potentially vulnerable MiFare Classic chip on the Coventry City card is a particular concern "especially since Coventry City seems to be going to use this as some kind of electronic wallet and that could easily present an attractive target for criminals". The use of the MiFare Classic chip is an unnecessary security risk, according to van Rossum, who notes that there are "cheap and secure alternatives available".

Coventry City fan Darlow adds that Coventry appear to be using the same MiFare technology for the club's new season tickets, raising the concern that season ticket holders could be vulnerable to having their tickets cloned and stolen.

"At first I only thought the cashless payment system was vulnerable, but shortly before the first match of the season the club announced that all season ticket holders would be given £7 credit. When I went to the match I saw that this was done using the season ticket cards themselves, so it seems a very plausible scenario that the season ticket cards are also Mifare Classic cards," Darlow told El Reg.

Neither van Rossum or other security experts have examined a copy of the season ticket which may integrate with a cashless payment system in the same way that an Oyster card can carry both a travel card season ticket and Oyster PAYG credit. "It's speculation on my part, but quite likely speculation," Darlow said.

The Ricoh Arena cashless card system system was installed by German integrator Payment Solutions AG. Neither Coventry City nor Payment Solutions AG have responded to our requests to comment on security concerns, first raised by Darlow, about the SkyBluePass system. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.