London's Oystercard Gets New Contract, But Same Suppliers
nk497 writes "Over the summer, the London travelcard ticketing system — called Oyster — fell over twice, forcing the transport authority to offer free travel to the six million Londoners using the system. After that, it cut its contract with the supplier of the system, a consortium called TranSys. But now, Transport for London has signed a new contract to replace the TranSys one — with the same two companies that made up the TranSys consortium. Sure, that should fix everything."
Two Things: (Score:5, Informative)
2) The renegotiated contract includes 'significant savings'.
Sounds like the government decided five nines wasn't as important as cutting the bill in half... as well as one of the former parties to the contract. ;)
FYI (Score:5, Informative)
TranSys is a consortium of four global companies:
UK transport a disgrace (Score:4, Informative)
Comments here that gripe about the UK always seem to focus on privacy and the state. But transport in London and the rest of the UK is our real embarrassment.
Entirely foreign owned, manned by minimum-wage slaves who can't speak a word of English and run by greedy, grossly incompetent asshats the UK public transport system is a disgrace. It's a dirty, unreliable, overcrowded, polluting, expensive, piss poor apology for a public transport system. On a good day.
Roads and railways close at random. Everything is at a halt while speed cameras, penalty travel fines and congestion zones rob any traveller of money to feed the machine. We have a war on travel in the UK.
It has a staggering downtime. On any random day, particularly at weekends, you will find whole subnetworks of the UK public transport system closed off due to 'engineering works'. You'll often get stranded in some back of beyond town and need to hire a taxi, hitch-hike, sleep in a hotel (or if you have no money in a station). Surely no other system in the world is this much of a fucked up, crumbling mess.
The airport and railway authorities are laws unto themselves, still wielding ancient bylaw legislation from the days when it was a National state run transport system. Passengers are just unwanted cattle. The fare structures are unfathomable, even if you have a degree in maths and logistics just try working out the best ticket to buy. They change the names of products and prices at random to stop any customers or intermediate sellers getting settled. They misrepresent contract law, making specious pseudo-legal announcements telling lies about where and when you must buy a ticket in order to maximise their profits. Station staff who could once help you have been sacked and replaced with machines and ticket barriers.
Lord only knows what it costs our economy! The UK government and the private companies that run our roads and railways are a complete and utter failure at transport policy. I honestly think they have an agenda to halt the entire country and make sure everyone stays in their homes.
Re:Damaged RFID cards (Score:3, Informative)
Unless I'm misunderstanding, it's not writing to them, it's overloading them. RFID works a bit like a crystal set radio, they're powered off the transmission and use that power to transmit a signal back. Transmit a powerful enough signal to them, and you fry the chip.
Re:Damaged RFID cards (Score:3, Informative)
A casual look at wikipedia [wikipedia.org] reveals the following:
The system is asynchronous, with the current balance and ticket data held electronically on the card rather than in the central database. The main database is updated periodically with information received from the card by barriers and validators. Tickets purchased online or over the telephone are "loaded" at a preselected barrier or validator.
Re:I get the impression that (Score:5, Informative)
Re:Tracking (Score:3, Informative)
Re:Damaged RFID cards (Score:3, Informative)
Rule 1: Never trust the client.
Rule 2: Never trust the client.
Rule 3: Never, ever, ever, trust the client.
This is a good rule when the customer can do whatever he wants with the client, including reading and modifying values in memory. So this is true for PCs. Smartcards are different in the sense that they are designed to prevent the customer from accessing and modifying the content of the card. Of course, given enough time and money, everything can be cracked. Now, in some cases it is possible that the convenience of storing the data locally, in the chip, outweighs the risks. The people in charge of the deployment of the Oyster card misjudged the risk associated with Mifare cards and are now paying the price.
Anyone with an RFID reader/writer and enough time could modify their card to report whatever balance they want.
This is only true for Mifare Classic cards, which is the type of cards used in London. Transportation systems that do not use Mifare Classic cards are totally unaffected by this hack.
Oh wait, it already happened. It's why the old company was being dumped.
Actually, they aren't. It seems that they only dumped two consultants. Furthermore, the company that manufactures the Mifare cards (NXP) was not even a part of this consortium. Also the company in charge of the procurement of the card is still there. Finally, switching to another type of card would be extremely expensive. They are simply going to use the newer Mifare Plus cards that rely on 3DES. Mifare cards with support for DES and 3DES have been available for a while, it's just that they are a bit more expensive than Mifare Classic cards.
Re:Damaged RFID cards (Score:3, Informative)
The first link is related to the Mifare hack. Mifare cards are insecure, this has been known for a long time. Now I will grant you that the response from the MBTA and NXP has been distasteful but predictable.
The second link is an "Analysis of an Electronic Voting System" so it has nothing to do with the security of smartcards per se. If Diebold doesn't know how to implement a secure voting system, this cannot be blamed on smartcards.
The third link points to a PR from the Smart Card Alliance ("a nonprofit industry body representing several large vendors of smart-card and RFID technologies") pointing out flaws in the government plans for RFID passports. That's a pretty responsible move for an industry body that's supposed to lobby on behalf of its constituents.
The last link is identical to the second link.
Re:Damaged RFID cards (Score:1, Informative)
Well, with a server-side solution, you just have to make sure that every turnstile can call a central server and process a transaction in less than 200ms. This includes the turnstiles in buses and in remote locations...
Or you have the turnstile trust the card temporarily, and then have it send the updates to the server in batches.
This way a hacked card can be used for a day or two, but when the server is updated the counterfeiting will be detected. You then send out a list of blacklisted cards (each card has a unique ID).
This is what NYC's MetroCard system does.
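The batch-and-blacklist approach described in the comment above, sketched as an added example that is not part of the original thread or of any real ticketing back office. The record layout, card IDs, sample data and the `reconcile` function are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data (assumed layout):
# (card_id, card_txn_counter, kind, amount_pence, balance_after_as_stored_on_card)
SALES = {("C001", 1, 1000), ("C002", 1, 500), ("C003", 1, 500)}  # top-ups the back office sold
BATCH = [
    ("C001", 2, "fare", 250, 750),
    ("C002", 1, "topup", 500, 500),
    ("C001", 1, "topup", 1000, 1000),
    ("C002", 2, "fare", 250, 5000),    # card reports more than the ledger allows
    ("C003", 1, "topup", 500, 500),
    ("C003", 2, "fare", 250, 250),
    ("C003", 2, "fare", 150, 350),     # counter reused with different data: old card image restored
    ("C001", 3, "fare", 250, 500),
    ("C001", 3, "fare", 250, 500),     # identical record uploaded twice by a gate: harmless
    ("C004", 1, "topup", 2000, 2000),  # top-up the back office never sold
]

def reconcile(batch, sales):
    """Replay gate records against the server ledger; return {card_id: reason} for the blacklist."""
    ledger = defaultdict(int)   # authoritative balance per card
    last = {}                   # last transaction counter accepted per card
    blacklist = {}
    # Gates upload out of order, so de-duplicate and replay per card in counter order.
    for card, counter, kind, amount, claimed in sorted(set(batch)):
        if card in blacklist:
            continue
        if counter <= last.get(card, 0):
            blacklist[card] = "counter reused"
            continue
        last[card] = counter
        if kind == "topup":
            if (card, counter, amount) not in sales:
                blacklist[card] = "unrecorded top-up"
                continue
            ledger[card] += amount
        else:
            ledger[card] -= amount
        if claimed > ledger[card]:
            blacklist[card] = "balance mismatch"
        else:
            ledger[card] = claimed  # a fare record still in transit only makes the card poorer

    return blacklist

if __name__ == "__main__":
    print(reconcile(BATCH, SALES))
```

The returned card IDs are what would be pushed back out to the gates; the window between a forged write and the next reconciliation run is the "day or two" of exposure the comment mentions.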
Re:UK transport a disgrace (Score:3, Informative)
I'd say that the vast majority of your post doesn't apply to the London transport system. I've visited a couple of times this year and was amazed by how efficient and useful it was. Everything seemed to be within walking distance of a Tube or DLR station.
Compare with Glasgow where the subway has never, ever been expanded from the single circle line, which doesn't really go anywhere now that the shipbuilding areas have collapsed. They've been talking about extending it for a while now but nothing seems to be happening. And then there's Edinburgh... they're building a tram line, but whether there'll be the money or enthusiasm to build beyond the initial plans I don't know.
This made me chuckle. Those ticket machines are a godsend, it used to be that a lot of stations didn't have them, and the ticket office was closed 24 hours a day (Fife Circle I'm looking at you). Sometimes the ticket inspector would fail to make an appearance on the train too. In Edinburgh Waverley they have a ticket office on the train side of the barriers, so that you could buy a ticket just to pass the barriers.