London Oyster Card Chip Maker Seeks to Gag Security Boffins

Researchers claim NXP has had ample time to fix flawed chips.

MORE ON CIO.com

RFID: Thinking Outside of the Supply Chain

The World's Biggest Market for RFID Technologies Is China

Access passes and public transport system cards such as London's Oyster Card and the Netherlands' OV-chipkaart commonly use the Mifare Classic RFID chips, created by the Dutch chip maker NXP.

A judge is scheduled to hear the case on Thursday in Arnhem, the Netherlands.

A spokesperson for Dutch company NXP called publishing the results "irresponsible," but declined any further comment. NXP was spun out of Philips Electronics in 2006 and is based in Eindhoven.

The University of Nijmegen, author of the study, said that it will continue to pursue publication and is fighting the legal charges. In a statement, the university said that the study will allow other researchers to learn from NXP's mistakes.

The researchers also point out that they have left ample time for users of the flawed technology to replace their systems with more secure alternatives: They first demonstrated their findings last January and plan to publish this October.

NXP has received a draft of the report, after which it asked the researchers to refrain from publishing. The chip maker declined a request for arbitration, instead starting a legal procedure. The firm demands an injunction that prevents the report's publication as well as a gag order that prohibits the researchers from discussing their findings.

Several ministers in the past have encouraged and supported the publication. The Dutch ministry of internal affairs did not immediately respond to a request for comment by Webwereld, an affiliate publication of Computerworld UK.

Critics question NXP's legal offensive because there have been numerous publications about the flaws in the RFID (radio frequency identification) chip's security. Researchers at the University of Virginia released a paper detailing the chip's security last March and demonstrated their findings at the Chaos Computer Camp in December.

According to security experts polled by Webwereld, the information currently available suffices to copy proof-of-payment cards such as those used in public transport systems.

The chip's security flaws earlier this year prompted the Dutch government to issue an official warning and post security guards at government buildings.

Comments

More from IT Drilldown « Back to Security

Articles

Microsoft Promises to Stymie Hackers Next Week with New Patches

The Botnet World is a Booming World

New Spam Trick: Shortened URLs

IBM Security Software Masks Confidential Info

Verizon Helping Companies Assess Application Vulnerabilities

How to Use Electrical Outlets and Cheap Lasers to Steal Data

As Three Big iPhone Troubles Surface, Apple Dinged for Secrecy

France Creates New National IT Security Agency

Mobile Security ABCs

Get up to speed on mobile security.

Learn More »

Security Newsletter

Security MarketSpace

White Papers

5 Tips for Data Loss Prevention Solutions

RSA® The Security Division of EMC has identified 5 key considerations to help organizations simplify the evaluation process for selecting a DLP solution that is right for their business. Learn more »

Secure Training Videos to Prevent Theft

Learn how Dream Force extended their marketing reach without being constricted. Learn more »

Prevent Intellectual Property Theft

Learn what the key components were in Hock International's purchasing decision. Learn more »

Webcasts

Managing Client Systems in the Enterprise

Why Data Loss is Increasing--and What You Can Do About It

Maximizing the Business Value of the PC Infrastructure

Reduced IT budgets have CIOs hunting for ways to maximize their PC infrastructure, while saving money and IT staff time. Diane Bryant, CIO of Intel Corp., talks with CIO magazine's Gary Beach about how her organization is addressing these challenges. Learn more »