Feeds

Coventry fans blue over 'hackable' cashless payment system

Sick as a parrot

The Essential Guide to IT Transformation

Coventry City fans are worried about the security of a cashless payment card introduced at the football club's Ricoh Arena stadium this season.

The system, intended to reduce the time fans spend queuing at matches paying for food and beverages, is one of the first of its kind. However the technology behind the SkyBluePass is based on the MiFare Classic RFID chip, the same system used by Transport for London's Oyster card.

A security paper due to be presented at a conference in October will show how it might be possible for a hacker to use a wireless RFID sniffer device to read an Oyster card and use this data to create a cloned counterfeit version that can be used as if it was the original.

A member of the team who conducted research into the possibility of hacking the Oyster card confirms that the Ricoh Arena card is based on the same technology as Oyster and is therefore potentially subject to the same security flaws. Peter van Rossum, of Radboud University in The Netherlands, came to this conclusion after examining a Ricoh Arena card sent to him after El Reg put him in touch with Coventry City fan Ben Darlow, who was the first to raise concerns about the technology.

"The [SkyBluePass] card is indeed a Mifare Classic; the 1K variant, to be precise - that's the most commonly used variant. Except for a few sectors, that likely don't contain sensitive data, all sectors are encrypted. Of course, an attacker can decrypt them if he listens in on a communication between a reader and a tag, but without a reader this is as far as I can get," van Rossum said.

"There are ways that the system can make this harder for an attacker, but I've never seen a system where that's actually being done," he added.

van Rossum added that the use of the potentially vulnerable MiFare Classic chip on the Coventry City card is a particular concern "especially since Coventry City seems to be going to use this as some kind of electronic wallet and that could easily present an attractive target for criminals". The use of the MiFare Classic chip is an unnecessary security risk, according to van Rossum, who notes that there are "cheap and secure alternatives available".

Coventry City fan Darlow adds that Coventry appear to be using the same MiFare technology for the club's new season tickets, raising the concern that season ticket holders could be vulnerable to having their tickets cloned and stolen.

"At first I only thought the cashless payment system was vulnerable, but shortly before the first match of the season the club announced that all season ticket holders would be given £7 credit. When I went to the match I saw that this was done using the season ticket cards themselves, so it seems a very plausible scenario that the season ticket cards are also Mifare Classic cards," Darlow told El Reg.

Neither van Rossum or other security experts have examined a copy of the season ticket which may integrate with a cashless payment system in the same way that an Oyster card can carry both a travel card season ticket and Oyster PAYG credit. "It's speculation on my part, but quite likely speculation," Darlow said.

The Ricoh Arena cashless card system system was installed by German integrator Payment Solutions AG. Neither Coventry City nor Payment Solutions AG have responded to our requests to comment on security concerns, first raised by Darlow, about the SkyBluePass system. ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.