Slashdot Mirror

← Back to Stories (view on slashdot.org)

California's Wireless Road Tolls Easily Hackable

Posted by timothy on from the no-sir-I-was-in-seattle-at-the-time dept.

An anonymous reader writes "Nate Lawson, a researcher at RootLabs, has found a way to clone the wireless transponders used by the Bay Area FasTrak road toll system. This means you can copy the ID of another driver onto your own device and, as a result, travel for free while others foot the bill. Lawson also raises the interesting point of using the FasTrak system to create false alibis, by overwriting one's own ID onto another driver's device before committing a crime. Luckily, Lawson wasn't sued before he could reveal his research, unlike those pesky MIT students."

8 of 354 comments (clear)

  1. cameras / scanners by j00r0m4nc3r · · Score: 3, Interesting

    I don't know about California, but in New England they have cameras that can match up a vehicle with a FASTLANE transmitter. It would not be very hard to also hook up license plate scanners. This seems like a crime with very little payoff, and huge chance of getting caught.

  2. No Authentication = Easy Crime by binaryspiral · · Score: 3, Interesting

    When you have the ability to send the same data over and over again without any form of authentication or obfuscation - yes, it can be copied and used by anyone else.

    There are ways to prevent this:

    Use a rolling code, like my garage door, key fob, and online banking fob uses.

    Use another form of authentication, like color of vehicle, plate number, or something else easily identifiable on the car.

    These are about as secure as my Speedpass fob that I can use to purchase fuel and snacks at Mobil stations. If its stolen, anyone can use it.

  3. Re:Cameras at every toll booth by cayenne8 · · Score: 4, Interesting
    "I mean, come on - I am against taking pictures of everything all the time, but the red light cameras are one where they are pretty foolproof at only taking pictures of scofflaws who are endangering everyone else. That seems to be a good thing."

    As the other poster said, there have been cases where the private company running these cameras weren't making enough money, and shortened the yellow light, or even rigged the cameras to take pics while light was yellow, but, showing red on the ticket. Studies have shown that in a VERY high percentage of cases, if they extended the length of the yellow light at troublesome intersections, that the number of people running red lights almost dropped to near zero.

    One of my other problems with the system here...was that the cameras aren't only taking pictures of light runners. They have still and full motion cameras...they showed a case of cars sitting there at a red, and a car going around the front one and running the light, all in full motion. That means the cameras are running all the time...I don't like that.

    I'd heard that someone was bringing suit against them in that they are unconstitutional in the state of LA...in that they aren't on every intersection, and the law states something like there has to be equal enforcement on all LA roads,etc.

    --
    Light travels faster than sound. This is why some people appear bright until you hear them speak.........
  4. Anonymous clubs by bugnuts · · Score: 5, Interesting

    Perhaps this can be used to create privacy clubs, where they all travel on cloned cards and all share the bill. Their movements couldn't be tracked via this system as long as multiple people were using it.

    I hope this wasn't posted already... I searched the thread for "Anonymous" and then felt kind of silly.

  5. It's worse than that, Jim! by seanonymous · · Score: 3, Interesting

    When this story first broke a couple of weeks ago, they suggested a far more serious abuse than just taking someone's transponder ID as your own.

    It was suggested that the reading and reprogramming could be accomplished so quickly that one could set up an antenna near a busy highway and read IDs from vehicles while assigning them the ID of the previous vehicle.

    This would result in a huge shuffling of IDs that would be a bureaucratic nightmare for the state and a huge pain for FastTrac's customers. The state is trying to get as many people as possible to adopt this system, and a major hack like that could possibly reverse their momentum.

  6. Re:Cameras at every toll booth by repvik · · Score: 3, Interesting

    So you consider the use of licence plates for cars a slippery slope?
    There is a very visible difference between taking a stroll on the sidewalk and controlling a several-ton metal hunk at high speeds.
    I sort of agree with your sentiment, except that I percieve using a car on the road is a privilege, and strolling on the sidewalk a right.

  7. Re:sounds familiar by HungryHobo · · Score: 4, Interesting

    I'm waiting for anyone out there who doesn't like these systems to cause a little chaos.

    Imagine grabbing the ID of the mayor as he drives by(pretty damn easy) then it's just a matter of wandering through a carpark programming every tag with a matching code.

  8. Re:Cameras at every toll booth by rayzat · · Score: 3, Interesting

    My buddy had his truck stolen with EZ-Pass ( automatic toll payment system for those non-eastcoasters). He filled out the police reports and all the other crap. About a month later he realized the guys who stole his truck were still using his EZ-Pass driving around Jersey and they were going though the same toll boothes about the same time everyday. So he staked out the toll booth and at their usual time he saw them zip through the EZ-pass lane in his truck. So he went through himself and called the state troopers to report he found his stolen truck and it was on the turnpike. The cops were more concerned about whether he was using a hands free headset or not then getting the people who stole his truck. So he eventually followed the people to their house and called the cops again saying he was driving around and spotted his stolen truck, the cops said they would look into it. The next day he found they had done nothing so he drove up with another guy and stole the truck back with his spare key, which is when he learned it's a pain in the ass to get a car declared unstolen.