About The Blog

Debate at the intersection of business, technology and culture in the world of digital money, both commercial and government, a blog born from the Digital Money Forum in London and sponsored by Consult Hyperion



  • Add to
Technorati Favorites


  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« Micropayments and revealed preferences | Main | Elf regulation »

Not really a classic

By Dave Birch posted Aug 15 2008 at 8:54 AM

[Dave Birch] The ramifications of the MiFare classic shenanigans that we have discussed here before continue to widen.

NXP said that the decision meant that affected parties such as system integrators and operators using MIFARE chips would likely want to review their systems, but that October was not long enough to deal with the problem properly.

[From Oyster card ‘free travel’ hack to be released | IT PRO]

NXP were right to point out that not every single card everywhere in the world needs to be replaced instantly, but our original conclusion that many schemes would need to start planning their upgrade route right away has turned out to be entirely justified. The story is a salutary parable about the benefits of "open" versus "closed" security, with a dash of hubris thrown in, and the need for long-term planning with these kinds of secure transaction systems. You might, by the way, be interested in this Channel 4 News segment on the Oyster card in London, which includes interviews with our friends from Royal Holloway and The Smart Card Group.

But the reason that I was thinking about MiFare again was that, in the best tradition of British journalism at its very finest, the headline of The Daily Express yesterday was "Thieves Crack Chip and PIN Bank Accounts". OMG! It's the end of money as we know it. Someone has "done a MiFare" on cards that I thought were economically secure! As soon as I saw this headline on the newsstand at the station, I immediately put my hand into my pocket and pulled out my iPhone and looked the story up on the interweb. It was rubbish. "Thieves crack" -- no, they didn't crack anything -- "Chip and PIN" -- no, they obtained PINs, the chips are untouched -- "Bank Accounts" -- no, counterfeit magnetic stripe cards used to make withdrawals from foreign ATMs, exactly the same story that has been discussed here ad nauseum. Yawn.

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]


TrackBack URL for this entry:

Listed below are links to weblogs that reference Not really a classic:


It is mindblowing how the ramifications keep spreading and spreading. Hopefully things calm down soon!

The comments to this entry are closed.