- The Musings of Chris Samuel - https://www.csamuel.org -

Taking the Myki ?

So Melbourne is investigating an electronic-tag-based ticketing system for public transport called Myki [1] (presumably meant to be pronounced My Key and not mickey), and in an interesting coincidence Bruce Schneier reports a successful attack [2] against a Dutch ticketing system that’s about to be deployed:

The first reported attack was designed by two students at the University of Amsterdam, Pieter Siekerman and Maurits van der Schee. They analyzed the single-use ticket and showed its vulnerabilities in a report. They also showed how a used single-use card could be given eternal life by resetting it to its original “unused” state.

The second attack is a reverse engineering of the crypto algorithm through a physical attack on the circuitry, which will be a jumping-off point for further attacks, I guess.

I wonder how long it’ll take for the Melbourne system to be similarly compromised ?