
Myki cards flawed, to be replaced

12 Oct, 2011 11:20 AM
dmoss@fairfaxmedia.com.au

Twitter: @dandotmoss

MORE than 1.1 million Myki cards are set to be phased out as hackers have found a method of cloning the tickets.

Myki manufacturer NXP has recommended users upgrade to the newer, 2008 swipecard, the MIFARE DESFire EV1. The Transport Ticketing Authority has said it will replace Myki with the more secure card, but has not said when.

TTA financial reports state the authority has $22.8 million worth of tickets in stock — which could include metcards and single-use Mykis — but this figure was written down this year to $8.1 million after the decision to scrap short term Myki tickets worth $14.1 million.

German engineering academics David Oswald and Christof Paar, both from Ruhr-Universität Bochum, have been studying how to hack into the card and claim their research forced NXP to discontinue the Myki card. The scientists are studying the cards as part of their cryptography research.

Mr Oswald said the duo have been researching hacks for the newer EV1 card but ‘‘so far, we could not find any similar problem for this card’’.

TTA chief executive Bernie Carolan said the hacks didn’t force the authority to replace the cards.

He has assured the public they ‘‘don’t need to worry about the security of their Myki card.’’

‘‘There is no reason to assume any cards will become wasted or inoperable,’’ he said.

Mr Carolan said transport users are safe because Mykis hold limited information — only the card balance and the last 10 transactions. No personal information is held on the card.

‘‘The TTA, through its contractor Kamco, has already begun developing a migration strategy to a newer version of chip, the MIFARE DESFire EV1,’’ Mr Carolan said.

But Mr Oswald said under certain circumstances a reprogrammed card can be used to gain a free ride on public transport. But security measures may mean the card can be used only once before it’s banned from use, he said.

He said cards can be cloned at home and the process took seven hours, but could be reduced to three or fewer with practice and better expertise. The cloning equipment costs about $3000.

He said with the current method, cards can’t be cloned in public, on a bus for instance, but that Mykis are readable from about 25 centimetres away.

NXP has said its newer EV1 card is still compatible with older card readers.

Mr Carolan said the value on cards cannot be increased using this method.


comments


It would be cheaper with less fare-skippers to put 2-3 F/T conductors back on the trains with ticket machines on their hips. Just saying.
Posted by Dean, 12/10/2011 12:17:09 PM, on Melbourne Times Weekly
Anyone want to go thirds with me in the cloning technology???
Posted by Faraday, 12/10/2011 12:29:57 PM, on Melbourne Times Weekly
This article is sensationalist. It wasn't hackers, it was researchers at a German University who recently published a paper.

There hasn't been an instance of this being used in the wild and it was classed as a very low risk.

It's not limited to Melbourne's Myki implementation either, the technology is one of the more popular forms of electronic ticketing used in the world.


Posted by ThatGuy, 12/10/2011 1:10:09 PM, on Melbourne Times Weekly
Umm, they are either "hackers" or "German Engineering Academics" - they can't be both!

If you are trying for the sensationalist line, try and be a bit more accurate - or at least consistent - in your reporting.

Posted by Getitright, 12/10/2011 1:53:22 PM, on Melbourne Times Weekly
If the Myki can be read from 25cm away, why do I have to press and hold my card against the reader?
Posted by myki mess, 12/10/2011 3:03:18 PM, on Melbourne Times Weekly
myki just a failure and wasting our money... I don't see any benefits with myki, now I see that Government need to spend more money to investigate and renew the system.
Posted by RC, 12/10/2011 3:06:42 PM, on Melbourne Times Weekly
This 'hack' isn't particularly new and the risk is the operator not 'innocent' users.

The proof of concept is over a year old, so it's not new news, and many smart card systems are affected - the largest being London's Oyster.

This article is just another excuse to put the boot into Myki.

But these cards are used in other applications like building access control, where cloning could really be a serious problem if the site is working on something that needs to be kept under wraps and the 'bad' guys copy a few access cards.


Posted by Matthew, 13/10/2011 9:30:38 AM, on Melbourne Times Weekly
>>>If the Myki can be read from 25cm away, why do I have to press and hold my card against the reader?

Power consumption. The further away the cards are read, the more power they consume and the more susceptible they are to noise and interference. Also if the range was increased people could unintentionally touch off, esp. in a crowded bus.

What is ridiculous is that we have to wait a full second for the readers to respond. I've seen plenty of other systems using similar technology which respond instantaneously (i.e. in <100ms)

Posted by R, 13/10/2011 6:42:25 PM, on Melbourne Times Weekly
"Mykis are readable from about 25 centimetres away"??

The Myki barely reads when standing at the barrier. They should be more sensitive and it should not cause a back up of people touching on and off to get in or out of the station. I've never seen longer lines.


Posted by laineybird, 10/04/2012 2:03:10 PM, on Melbourne Times Weekly

Copyright © 2012. Fairfax Media.