road toll transponder hacked
Ken Buchanan
ken.buchanan at gmail.com
Tue Aug 26 10:30:45 EDT 2008
On Tue, Aug 26, 2008 at 9:24 AM, Perry E. Metzger <perry at piermont.com> wrote:
> Despite previous reassurances about the security of the system,
> Nate Lawson of Root Labs claims that the unique identity numbers
> used to identify the FasTrak wireless transponders carried in cars
> can be copied or overwritten with relative ease.
>
Nate hasn't disclosed details of the code that wirelessly overwrites a
transponder's ID. The temptation would be too great for many to copy
an annoying neighbour's transponder ID, and then drive through a busy
mall parking lot cloning it onto every transponder in proximity.
As mentioned in the article, the vendors have claimed it was
read-only, even though it uses flash memory (I guess technically they
could cut the write line in manufacturing, but realistically that was
highly unlikely even before Nate did this work). I would speculate
that they just looked at the high level design, which didn't contain
any specifications for features to write to memory, and decided that
meant 'read-only'. In the meantime, the implementers don't see any
harm in adding a few extra features *beyond* what is in the design
(viz.: the overwrite code) especially where that might be useful for
testing and diagnostics.
As an aside: Isn't it noteworthy how much less press this has gotten
than the Boston subway hacks, even though it is (IMO) of much greater
severity? There might be a lesson there for the Massachussetts Bay
Transit Authority.
Ken
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list