Myki Smart Cards Clone Prone, Replacement Set
The Transport Ticketing Authority (TTA) of Victoria will replace myki smart cards with the more secure Mifare DESFire EV1 version touted to be invulnerable to cloning.
Myki manufacturer NXP urged users of the Mifare DESFire MF3ICD40 cards to upgrade to the new myki after two German students researching the public transport smart card's vulnerability to hacking learned that it can be cloned.
David Oswald and Christof Paar of Ruhr-Universität Bochum wrote a research paper saying the myki secret keys can be accessed by analyzing the card's electromagnetic emissions with $3,000 worth of cloning equipment. The card can then be reprogrammed to fake the balance so the cloner can use it for free rides on public buses and trains.
The two also tried to hack the EV1 card but have found no vulnerability so far.
TTA chief executive Bernie Carolan, however, clarified that the findings did not prompt the authority to replace the card and that the some 1.1 million cards in circulation will not be recalled. He assured that myki cards will not be rendered unusable and that the stored information is not personal.
"No personal information is stored on a myki card. Only the card balance and the past 10 transactions are held on the card. If one of the 10 previous transactions was a top up, no banking details are recorded on the myki card, just the amount added," said Carolan, according to ZDNet.com.au.
Nonetheless, NXP said it will discontinue the Mifare DESFire MF3ICD40 cards by the end of the year. Kamco, the contractor of the myki system, is also developing a way to switch to the new card, according to Carolan.