This is getting embarrassing… Yesterday Roel Verdult of Nijmegen’s radboud university demonstrated on Dutch television (WMV or Youtube) how he hacked the disposable RFID public transport card. Roel created a small device called ‘ghost’ that is capable of cloning disposable cards and re-use them over and over again. Total hardware costs around 40 euro. And Roel thinks as soon as the German researchers release their information on Mifare classic, the ‘more secure’ subscription tickets can also be cloned . Some english information from his hand is available here (pdf).
This is the second time this card is hacked in a short time, yet the designers of the system (translink systems) say there is nothing to worry about, and the system still is ‘very secure’. *sigh*.
Talking about depressive: some information just came out about privacy issues with the OV Chipkaart (WMV). All travel data is stored for seven(!) years. And the stored data is ‘not very well protected’ ….
I’ll run to a station tomorrow to buy one of those cheap cards to play with, considered the statements of Translink they are ready to say goodbye to this one…
How is ‘very secure’ this system if this card is hacked in a short time ? The stored data just came out about privacy issues with the OV Chipkaart ?!