road toll transponder hacked
Dustin D. Trammell
dtrammell at bpointsys.com
Tue Aug 26 11:56:09 EDT 2008
On Tue, 2008-08-26 at 10:52 -0400, Matt Blaze wrote:
> On Aug 26, 2008, at 10:15, mheyman at gmail.com wrote:
> > So, I believe, at least for E-Z Pass, the attack would have to include
> > cloning the license plate and pictures may still be available whenever
> > a victim realizes they have been charged for trips they did not take.
>
> I believe that's correct. In fact, the plate recognition technology
> they
> use seems to be good enough to make the transponder itself redundant.
> I know several people with E-Z Pass who disconnected the internal
> battery of their transponder (out of concern that there might be
> hidden readers around town that track vehicles at places other than
> toll gates). Even with dead transponders, their accounts are still
> charged accurately when they pass toll gates. (The sign displays "EZ
> Pass
> not read" or some such thing, but the account is debited within a day
> or two anyway).
This is the same for the state-wide Texas tag, TxTag[1]. If your tag
doesn't register, or you disable or remove it, the toll system can still
accurately bill you based on your license plate and vehicle
registration. If you're not in the TxTag system at all, they simply
mail you a bill.
[1] http://www.txtag.org/
--
Dustin D. Trammell
Security Researcher
BreakingPoint Systems, Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20080826/7e303ec0/attachment.pgp>
More information about the cryptography
mailing list