Features Podcasts Family Video Comics Music Tech Science Books Film & TV Games ✚

Jill

Dutch RFID transit pass cracked and cloned

Cory Doctorow at 1:32 am Tue, Jan 15, 2008

— FEATURED —

Book Review

The Man Who Laughs: grotesque Victor Hugo potboiler was the basis for The Joker

Feature

Eurovision 2013: An American in London

Book Review

The Twelve-Fingered Boy - mesmerizing YA horror novel

— FOLLOW US —

Boing Boing is on Twitter and Facebook. Subscribe to our RSS feed or daily email.

 

— POLICIES —

Except where indicated, Boing Boing is licensed under a Creative Commons License permitting non-commercial sharing with attribution

 

— FONTS —

Tweet
Kindle
Melanie Rieback, who worked on the RFID Guardian, sez,
Roel Verdult, an MSc. student from the Raboud University of Nijmegen, used an RFID tag emulator to perform a successful practical relay attack on the single-use OV Chipkaart (the Dutch RFID public transportation card), that uses MIFARE Ultralights (no crypto).

There's a video of the relay attack available. The video speaks for itself.

Roel used a homemade tag emulator that was modeled after Kfir and Wool's "ghost and leech", to perform a simple relay attack. However, anyone can perform the same attack using the RFID Guardian, whose HW/SW is freely available.

PDF Link

I write books. My latest is a YA science fiction novel called Homeland (it's the sequel to Little Brother). More books: Rapture of the Nerds (a novel, with Charlie Stross); With a Little Help (short stories); and The Great Big Beautiful Tomorrow (novella and nonfic). I speak all over the place and I tweet and tumble, too.

MORE:  Gadgets • Games

More at Boing Boing

Eurovision 2013: An American in London

The technology that links taxonomy and Star Trek

  • freebeets

    May I have one for the Tokyo Metro please?

  • madjo

    The Dutch transit pass is really getting hammered for the use of this MIFARE RFID chip. First the new national pass is now delayed because of the hack demonstrated at last years CCC.
    And now this one-time transit pass is hacked.

    It’s time to see that firstly RFID is NOT the solution, and secondly security-through-obscurity is not the way to protect your system.

  • Jeff

    Well, everyone knows mass transportation should be FREE. Transportation is like information! Really.

    Jeff

  • l0k1

    the problem is, preventing bypassing of the security of public transport is prohibitive, because public transport implicitly runs at a loss anyway. in most pre-rfid districts anyone with the will can fabricate perfectly acceptable public transport tickets. and i doubt there will be any difference post-rfid, except increasing the losses to the city councils operating them.

    i agree with the sentiment about making public transport free. the problem is, when it comes down to it, the cost of it will only increase the more that operators try to prevent free riders.

    perhaps it would be a more beneficial view of it to think of public transport as a means to facilitate greater levels of trade, which indirectly improves rates of taxation revenue.

    so all we have to do is get rid of this federal tax nonsense and let taxation operate on a regional basis with a transparent purpose rather than the present obfuscation and diversion of the majority of it to military and intelligence operations. then people could develop a more region-appropriate type of defense, rather than this nonsensical nationalistic militarism. (if you talk to any military person they will tell you straight up that every territory has different defense characteristics, some areas are indefensible, some are easy to defend, some have nothing worth defending…)

    amongst other things.

  • Tom

    Using tickets or tokens for public transport is not the only solution.

    The Calgary LRT uses an honour system with random spot checks. You just walk on. If you paid for a ticket, well and good, but there are no ticket checkers. There are random checkers who can ask anyone to see their ticket. If you don’t have it, it’s a fine. A friend who rides regularly tells me she’s computed the average cost and it’s about the same whether or not she buys a ticket.

    Note that my information on all this is ten years out of date, so it may all be false now. But I do know that for a long time this was the way the Calgary system worked, and it worked well.

  • dersk

    The Dutch metro (and tram) system has gradually been moving from an honor system with spot checks to having conductors and controllers all over the place. At least in the 14 years I’ve been living here.

    From an article that was published today:
    http://automatiseringgids.sdu.nl/ag/nieuws/nieuws/toon_nieuwsbericht.jsp?di=385168

    The CBP (Dutch Bureau for Protection of Personal Data – yeah, we’ve got one of those) is threatening to impose fines on the GVB (Amsterdam public transport company) if it doesn’t comply to the law in the use of the new card. The fines are so high that they could lead to the bankruptcy of the company. Later on in the article, the chairman of the CBP is basically quoted as saying: “Threatening language? You betcha!” I think I like this guy…

  • Jeff

    More: I used to live in a big city with mass trans. It cost a lot to get around that city and I really do think it should be free. Tax money can be spent on a never-ending list of things, but allowing people to use a train or a bus for free has to be a sign that the culture is on the “right track.” And free bikes in Chicago wouldn’t have solved the problem. Yiks, I’m starting to sound like a socialist.

  • zosa

    RFID is not the inherent problem here, IMHO…it is the use by the transit authority of a non-encrypted standard for transactions that have monetary value.

  • madjo

    @#10, dculberson, right now, it’s just a handful, but this hack could become so easy to do, that everyone could do it.
    What the hack basically is, is make a clone copy of the pre-paid card. Then use it during transit, and later put the copy back, making the amount back to its original state, meaning you have a full card again.

  • madjo

    The transport authority of Rotterdam ‘RET’ said in a statement today that the card will remain in use, despite all the complaints and the hacks.
    That’s either a show of guts, or sheer stupidity.

    Also from the CPB came the statement that the travelling records (and more) of every traveller is stored for 7 years. Scary!

  • dculberson

    What’s the big deal if a handful of people can spend a bunch of time and money and get “free” train rides? For the transit company, it would probably cost more if they made it more secure versus just letting some freeloaders on – who risk fines or jail if caught.

  • remmelt

    #8, zosa: it’s encrypted alright, but mostly through obscurity, or at least that’s what we think…

  • Anonymous

    it is like “Little Brother” come to life…