Dutch RFID transit pass cracked and cloned

Melanie Rieback, who worked on the RFID Guardian, sez,

Roel Verdult, an MSc. student from the Raboud University of Nijmegen,
used an RFID tag emulator to perform a successful practical relay attack
on the single-use OV Chipkaart (the Dutch RFID public transportation card), that uses MIFARE Ultralights (no crypto).

There's a video of the relay attack available. The video speaks for itself.

Roel used a homemade tag emulator that was modeled after Kfir and
Wool's "ghost and leech", to perform a simple relay attack. However,
anyone can perform the same attack using the RFID Guardian, whose HW/SW
is freely available.

PDF Link