road toll transponder hacked

Matt Blaze mab at
Tue Aug 26 10:52:58 EDT 2008

On Aug 26, 2008, at 10:15, mheyman at wrote:

> On Tue, Aug 26, 2008 at 9:24 AM, Perry E. Metzger  
> <perry at> wrote:
>> From the article: "other toll systems, like E-Z Pass and I-Pass, need
> to be looked at too"
> A couple years ago I got a letter from E-Z Pass a few days after I
> used my transponder in my new car without registering my new car. They
> gave me a grace period to register before making me pay some sort of
> penalty.
> So, I believe, at least for E-Z Pass, the attack would have to include
> cloning the license plate and pictures may still be available whenever
> a victim realizes they have been charged for trips they did not take.

I believe that's correct.  In fact, the plate recognition technology  
use seems to be good enough to make the transponder itself redundant.
I know several people with E-Z Pass who disconnected the internal
battery of their transponder (out of concern that there might be
hidden readers around town that track vehicles at places other than
toll gates).   Even with dead transponders, their accounts are still
charged accurately when they pass toll gates.  (The sign displays "EZ  
not read" or some such thing, but the account is debited within a day
or two anyway).


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list