Oyster cards, the high-tech RFID swipe cards used to gain access to the London Underground, have been pwned.
I wanna replace the Schneier's words : "when will people learn not to invent their own crypto?". The company used a proprietary encrypt algorithm preserving the security through algorithm obscurity.
"The research team was able to obtain the card's proprietary encryption scheme by physically dissecting its chip and examining it under a microscope. They then photographed various levels of its circuitry and used optical recognition software to produce a 3D representation of the entire chip. By examining the logic gates in great detail, they were able to deduce the proprietary algorithm, which NXP dubs Crypto1."
Here the entire paper.
Via Bruce Schneier blog.