Travel Pass System Hacked

From the OV website the caption reads “Coming Soon to the whole of the Netherlands; click here”

There is a long running project to introduce a universal secure travel pass in the Netherlands known as the OV Chipkaart. It functions much like the Oyster card in the UK, tracking your journey based on when you enter and leave a closed system, and with “auto top ups” available.

Only it turns out that the chip card itself is not secure. Vulnerabilities were discovered late last year, at a level where you could get free travel, delaying further roll out of the project. I think it’s available in Rotterdam based on the pilot, but it was due to be available here in Amsterdam in January. The barriers and scanners are in place in the metro stations, and have been installed on buses and some trams.

According to the Algemeen Dagbad (translation mine) “it is still not clear what the costs might be to resolve this problems with the OV card. There will be more clarity by the end of February to ‘repare’ the pass”.

So millions have been spent installing the system and the infrastructure, and no-one did a vulnerability check? No-one did any really tough testing on the security?


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s