NHS smartcard hacking detail can be published

Hackers could soon gain improper access to NHS car parks, after a Dutch court ruled that documents explaining how to hack into an NHS smartcard could be published.

Academics at Radboud University in Nigmegen discovered weaknesses in the Mifare chip that is used in 1 billion smartcards worldwide.

Smartcard company NXP fought for an injunction to prevent the information ever being published.

But the Dutch courts said that would breach laws protecting the freedom of expression, and have allowed a report to be published.

'Damage to NXP is not the result of the publication of the article,' the ruling said, 'but of the production and sale of a chip that appears to have shortcomings.'

The publication will make it easier for hackers to produce fraudulent smartcards to fool networks like London Underground's Oyster Card System.

But NHS IT agency Connecting for Health stressed that fake Mifare chips could not be used to access systems such as the summary care record.

Although the NHS smartcard 'does have a Mifare capability,' a spokesman said, 'it is not used (to access) the Care Record Service or any of the National Programme for IT applications.'

But she added that local NHS organisations can use the chip to allow staff to access other services. These could include vending machines or car park access.

jonn.elledge@haymarket.com

Comment below and tell us what you think

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins

Register

Already registered?

Sign in

Before commenting please read our rules for commenting on articles.

If you see a comment you find offensive, you can flag it as inappropriate. In the top right-hand corner of an individual comment, you will see 'flag as inappropriate'. Clicking this prompts us to review the comment. For further information see our rules for commenting on articles.

comments powered by Disqus