The Guardian reports that London’s Oyster transit card may have been hacked by a group of Security researchers at Radboud University in Holland.  The hack allows an attacker to clone the Oyster card’s RFID chip after cracking its encryption in just a few seconds.  This is the latest in a series of Mifare smartcard hacks which have compromised European transit card systems in the last year.

It’s interesting to note that the authorities are not considering the hack to be a serious threat.  London Transport has claimed not only that they can detect fraudulent use within 24 hours using checks in software (a level of security often ignored by hardware hackers), but that a criminal could gain at most about £3 per cloned card.  As such, the incentive to clone Oyster cards probably isn’t that great.  One point which the article does not highlight and which is perhaps more concerning from a privacy standpoint, however, is that London Transport collects and can process data on 38 million journeys per week to identify individual instances of fraudulent use (and who knows what else?).