EZ Pass and the fast lane ....

Ian Grigg iang at systemics.com
Fri Jul 9 16:54:58 EDT 2004 

John Gilmore wrote:
>>It would be relatively easy to catch someone
>>doing this - just cross-correlate with other
>>information (address of home and work) and
>>then photograph the car at the on-ramp.
> 
> 
> Am I missing something?
> 
> It seems to me that EZ Pass spoofing should become as popular as
> cellphone cloning, until they change the protocol.  You pick up a
> tracking number by listening to other peoples' transmissions, then
> impersonate them once so that their account gets charged for your toll
> (or so that it looks like their car is traveling down a monitored
> stretch of road).  It should be easy to automate picking up dozens or
> hundreds of tracking numbers while just driving around; and this can
> foil both track-the-whole-populace surveillance, AND toll collection.
> Miscreants would appear to be other cars; tracking them would not
> be feasible.

Well, I am presuming that ... the EZ Pass
does have an account number, right?  And
then, the car does have a licence place?

So, just correlate the account numbers
with the licence plates as they go through
the gates.

The thing about phones is that they have
no licence plates and no toll gates.  Oh,
and no cars.

> The rewriteable parts of the chip (for recording the entry gate to
> charge variable tolls) would also allow one miscreant to reprogram the
> transponders on hundreds or thousands of cars, mischarging them when
> they exit.  Of course, the miscreant's misprogrammed transponder would
> just look like one of the innocents who got munged.

What incentive does a miscreant have to
reprogram hundreds or thousands of other
cars???

> [I believe, by the way, that the EZ Pass system works just like many
> other chip-sized RFID systems.  It seems like a good student project
> to build some totally reprogrammable RFID chips that will respond to a
> "ping" with any info statically or dynamically programmed into them by
> the owner.  That would allow these hypotheses to be experimentally tested.]

Phones are great for spoofing because the
value can be high.  And, the risk of being
physically apprehended is low.  Cars and
toll ways are a different matter.

iang

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list