Oyster Card Hack released
However, Jacobs said the researchers had disclosed their findings to NXP in March, and were only now publishing the details to the wider public in October. Jacobs added that, because of the fresh publication of those findings, organisations using Mifare Classic could now make a solid analysis of security risks to their systems.
Bart Jacobs, the professor of computer security at Radboud University who led the research team, told ZDNet.co.uk on Tuesday that the security of the Mifare Classic chipset, used in Oyster cards and in the Dutch OV-Chipkaart travelcards, was completely ineffectual.
"The chip is fundamentally broken," said Jacobs. "The only thing you can do is strengthen it with additional security measures and improve overnight checks. People involved should migrate to different chips, unless their assets are only of low value."