Who Said Security Breaches Were Always a Bad Thing?
The BBC reports that the fare cards for two European public transportation systems have seen their first major security breach, but the hackers responsible are not your everyday criminals. Researchers from the Radboud University in the Netherlands discovered an all too easy way to create copies of the card which could ultimately provide free transportation to anyone who can access one. The researchers never had the intention of using their knowledge to take advantage of the transportation system but maker of the card’s chip, NXP, has been fighting to prevent the information release fearing the worst from those who might get their hands on the information. The researchers aimed to publish their results, along with the process of copying the card’s chip, in time for a security conference to be held later this year.
Lead researcher Bart Jacobs insists the knowledge must be shared to prevent further breaches of this nature but NXP responded by filing an injunction to stop the university. Representatives from NXP point to the inability of the systems currently utilizing their chip to make rapid enough changes to hold off on abuse of the system. Currently, the chip is being implemented in fare cards all over the world, primarily in Europe, and estimates of its usage stand at 1 billion. Smartcards were developed in order to provide easier, less expensive access to public transportation for frequent travelers, but with users getting their hands on fraudulent cards, the whole system could be damaged.
Despite NXP’s warnings, a Dutch judge has just ruled that the Radboud researchers work will be published and distributed at the upcoming conference. To add insult to injury, the judge after overturning the injunction, declared,
“Damage to NXP is not the result of the publication of the article but of the production and sale of a chip that appears to have shortcomings.”
It is clear that this judicial system believes those who have brought injury upon themselves deserves no mercy. Researchers along with security officials throughout Europe are praising the judge’s decision claiming that in the long run, exposing the flaws in classified information will lead to a system much less susceptible to a security breach.