(Page 2 of 2)
By copying the IDs of the readers, it was possible to activate the transponder to transmit its ID. This trick doesn't have to be carried out on the highway, Lawson notes, but could be achieved by walking through a parking lot and discreetly interrogating transponders.
What's more, despite previous claims that the devices are read only, Lawson found that IDs are actually stored on rewritable flash memory. "FasTrak is probably not aware of this, which is why I tried to get in touch with them," he says. It is possible to send messages to the device to overwrite someone's ID, either wiping it or replacing it with another ID, says Lawson.
"Access to a tag number does not provide the ability to access any other information," says MTC's Rentschler. "We also believe that significant effort would need to be invested in cloning tags." He adds, "If any fraudulent toll activity is detected on a customer's account, the existing toll-enforcement system can be used to identify and track down the perpetrator."
Lawson says that using each stolen ID just once would make it difficult to track down a fraudster. A better solution, he believes, would be to require toll readers and transponders to carry out some form of secure authentication. But this would require changes by MTC. As an alternative, Lawson is working on a privacy kit to let drivers turn their transponders on and off so that they are only vulnerable for a brief period as they pass a toll.
There is another way, he says. "It's probably in the user's best interest to just leave it at home." This is because FasTrak uses license-plate recognition as a backup.
Ross Anderson, a professor of security engineering at Cambridge University, in the U.K., says that "very many embedded systems are totally open to tampering by anyone who can be bothered to spend some time studying them."
Competent use of encryption is the exception rather than the norm, Anderson adds, and the situation is unlikely to change soon. "One industry after another is embracing digital technology, and none of them realize that they need computer security expertise until it's too late and they get attacked," he says.
Bruce Schneier, chief security technology officer at BT, based in Mountain View, CA, says that it is too easy for companies to get away with lousy computer security. "Honestly, the best way is for the transportation companies to sue the manufacturers," he says. "Then they'll think twice about selling shoddy products in the future."
Sending false signals to GPS receivers could disrupt critical infrastructure.
In the category of "More bogus paranoia"
You may have been able to change the identity in your RFID tag, but most toll facilities (at least in the NY area where I drive) have cameras that capture both the vehicle and the driver.
If someone checks their bill, wonders how he could be driving in another part of the state and complains to the toll authority, it's a relatively simple matter to undertake a proper investigation.
Unless the perpetrator is prepared to also change the license plate, and make, model and color of his vehicle, he stands a fair chance of getting a visit from the Fuzz.
You've also the problem of stumbling upon an in-use ID, unless you have a portable RFID pinger set to the right frequencies and protocols.
In the end, this is hacker geek stuff, not the nightmare of mass toll anarchy. I can't wait for the first guy to get caught and the resulting national news whip-saw! You read it here first!
Dr. Orbis
Oh come on, this isn't that difficult to get away with. You go through a parking lot with a reader, and swipe every toll number you find. Then you modify your own transmitter to simply cycle through this huge list of numbers at random. Odds of getting caught on this, next-to-zero. Because who notices one extra toll on their account from time to time.
This is an easy case for a fraud detection scheme. Simply scan for transponder matches where the distance between scanners exceeds the possible travel distance at a reasonable(<100MPH)speed. Match transponders to vehicle license plates and arrest the mismatch.
They give you an anti-static bag.
Actually I have one of those FastTrak and they send you a anti-static bag to block out the signals for a voluntary project where they measure how fast you go between two points so they can show how fast traffic is going. If everyone does this then the only place to get the FastTrak ID is near the toll plazas so the thieves will be hanging around those locations. However, the California Highway Patrol likes to have many units at the toll plaza to clear up traffic accidents and to get toll jumpers also so it would be interesting so see what happens.
There are ways to protect yourself
There are a lot of people already protecting themselves from these type of crimes by installing a gps tracking device in their own vehicle.
Obviously, there are other reasons for this too, such as, theft protection and recording mileage for tax purposes. However, for the point of this article, an innocent victim can prove their vehicle was no where near a toll, contrary to any overwriting of a FastTrack device.
Instead of worry about sucking every dollar of toll out of you, the road authority should be building better roads. Here is the break down of effort by the road authority.
80% spent on getting money
10% spent on building roads
10% talk about how they are going to improve thing.
I have seen more accident at toll booths than at any other part of the highway.
If people want to rip of the road authority, to bad for them, they are not doing their job anyways. !
Brian Glassman
Manufacturing in the United States is in trouble. That's bad news not just for the country's economy but for the future of innovation.
Our list of the 50 most innovative companies, including the following:
On Twitter
Become a Fan on Facebook
Subscribe to the Feed
lkrndu
36 Comments
Aluminum Foils Eavedroppers
There already IS a FasTrack user privacy system: a sheet of aluminum foil.
Wrap the transponder in aluminum foil and it's isolated from any intercommunication.
Reply
Erica Naone
70 Comments
Re: Aluminum Foils Eavedroppers
I happened to speak with Nate Lawson at Black Hat on this subject, and he mentioned to me that the aluminum foil wrapper is a problem, as far as he's concerned, because taking the transponder in and out of the foil while driving seems like a potentially dangerous distraction for the driver. We also discussed opt-in versus opt-out systems of privacy. The foil is an example of an opt-out system -- the user has to actively protect her own privacy by remembering to wrap the transponder after using it. It's my opinion that an opt-in method, on the other hand, such as the privacy kit Lawson is working on, leaves the user more protected in the end.
Reply
grimmy
1 Comment
Re: Aluminum Foils Eavedroppers
I think he meant that the driver should affix the transponder on his head and a tinfoil hat on top; that should be quite easy to remove and replace when needed.
Reply