NXP said that the decision meant that affected parties such as system integrators and operators using MIFARE chips would likely want to review their systems, but that October was not long enough to deal with the problem properly.
[From Oyster card ‘free travel’ hack to be released | IT PRO]
NXP were right to point out that not every single card everywhere in the world needs to be replaced instantly, but our original conclusion that many schemes would need to start planning their upgrade route right away has turned out to be entirely justified. The story is a salutary parable about the benefits of “open” versus “closed” security, with a dash of hubris thrown in, and the need for long-term planning with these kinds of secure transaction systems. You might, by the way, be interested in this Channel 4 News segment on the Oyster card in London, which includes interviews with our friends from Royal Holloway and The Smart Card Group.
