Ricoh Arena cashless system based on hacked technology
The new ‘cashless payments’ system installed at Coventry City’s Ricoh Arena for the start of the 2008/2009 season uses a weak and already compromised technology, ccfc.nu has learned. The system, known as Mifare, is also used in Transport for London’s Oyster Card system, and was supplied by German contractor Payment Solution AG.
A paper detailing the exact methodology for exploiting the weakness in Mifare Classic is due to be released at a security conference in October. The exploit allows an attacker to easily clone another individual’s card using a wireless ‘sniffer’ device, allowing them to use a cloned card as if they were the original owner.
ccfc.nu has contacted Payment Solution AG and Coventry City FC for further comment on the subject, including whether or not the new club season tickets also use the Mifare system, exposing season ticket holders to additional vulnerability. As yet there has been no response.