So Melbourne is investigating an electronic tag based ticketing system for public transport called Myki (presumably meant to be pronounced My Key and not mickey), and in an interesting coincidence Bruce Schneier reports a successful attack against a Dutch ticketing system that’s about to be deployed:
The first reported attack was designed by two students at the University of Amsterdam, Pieter Siekerman and Maurits van der Schee. They analyzed the single-use ticket and showed its vulnerabilities in a report. They also showed how a used single-use card could be given eternal life by resetting it to its original “unused” state.
The second attack is a reverse engineering of the crypto algorithm through a physical attack on the circuitry which will be a jumping off point for further attacks, I guess.
I wonder how long it’ll take for the Melbourne system to be similarly compromised ?