What are the security risks in Barclaycard OnePulse?
Peter Tomlinson
pwt at iosis.co.uk
Fri Jun 19 21:16:10 BST 2009
Mary Hawking wrote:
> In message
> <mailman.6.1245307661.14181.ukcrypto at chiark.greenend.org.uk>,
> ukcrypto-request at chiark.greenend.org.uk writes
>
>> jul kornbluth wrote:
>>> Hi everyone.
>>> Does anyone know whether the Oyster part of the card, which I assume
>>> works on RFID principles, can communicate data with the Chip or the
>>> magstripe of the credit card, or are the two completely seperate
>>> media unable to cummunicate with each other.
>>> Jul Kornbluth
>>> Health eCard
>> Allegedly, the single chip in OnePulse has built-in protection to
>> separate the Oyster function from the other functions. The chip is
>> related to the chips used in passports, from a chip family that hosts
>> multiple applications, can have Mifare Classic emulation, and can
>> have both contactless and contact interfaces. And its about the same
>> computing power as mid range 1960s mainframes...
>>
>> Peter
>
> Thanks all.
> There seems to be some doubt about security and communication - and I
> don't have a business need for an Oyster card.
> I'll try telling Barclaycard that I'm sticking with the previous
> version..
> Mary
The doubt is unfortunately because of the usual problem with banking:
secrecy about security. Until, that is, we start to make private sector
service providers submit to expert, independent security audits and also
exhibit accountability when using technology (amd also stop unsolicited
distribution of gee-whiz gismos)...
Peter
More information about the ukcrypto
mailing list