From Hack a Day:
The transponders and readers perform no authentication. Someone could wander through a parking lot with an RFID reader and pick up the ID of every tag in the lot. They could then write their own transponder with the stolen IDs. Here’s the really bad part: the transponders support unauthenticated over the air upgrading. You can force any transponder to take on a new ID. An attacker could overwrite every tag passing a certain intersection and cause havoc in the toll system. Some have suggested that there are IDs in the system that are unbilled, since they’re assigned to administrators; these would be especially attractive to thieves.
How do we fix this system? Here’s the problem: the system is defined by California law. An update to the way things are done would take legislative action.
Sounds kind of fucked. The post also discusses the issue with being tracked/logged via FasTrak, the one big reason why I never got one when I still had a car.
Photo by Jeff Keyzer.
5 Comments
Fastrak is admittedly one of those systems I knew worked on a technology I inherently distrust, but didn’t put too much thought into for this very reason. I notice I beep now when I enter Sacramento And San Francisco airports, and that really bothers me.
I’ll be interested to pick up one of those circuits though…
N. had told me recently that the Fastrak system at toll gates works by visual ID of license plates, not by the transponder itself. And it’s true that when you go through and your transponder doesn’t beep, you still get charged the $4 toll; and if you have no account, you get a ticket; and the fact that you can’t borrow someone else’s transponder and use it in a car not registered to that account. (From the Fastrak site: “Be sure to enter the license plate numbers for all of your vehicles. Sometimes the machine fails to read your transponder when you pass through. If your license plate is registered, the system will know to bill your account regardless. If your plate is not registered, you’ll get a nasty bill in the mail!”)
This came up in that I seem to have lost my transponder after Corolla was totaled (no activity on my account, I think it’s lost in my apt somewhere); N. recommended I change the acct info to reflect new car/license plate # and forget about having a transponder in the car entirely. If the above is true, then who cares if someone has cloned my transponder? It’ll mess up the traffic movement info they collect somewhat, and will put my car in their system in locations and times I couldn’t possibly be in, and that’s it.
Anyway, I’m going to check this out and report back. I could be entirely wrong — we’ll find out soon :)
You’re right on the camera plate thing, but I would think after a few trips through the toll plaza, they’d get a hold of you and figure out why their system isn’t working. There’s also the point that they do have cops that sit next to the toll plaza and get radioed when someone does speed through without FasTrak knowing about it.
Nicole is correct here’s Nate Lawson’s post with link to the paper he did wrote (which hack a day was covering):
http://rdist.root.org/2008/08/06/fastrak-findings-are-serious/
Yeah, it sucks. I’m like in that I don’t trust it but I have one nonetheless and I just try to not think about it. They save so many hours of my life, it’s just worth it.