[Cryptography] cryptography Digest, Vol 16, Issue 26
Peter Trei
petertrei at gmail.com
Wed Aug 27 15:21:10 EDT 2014
On 26 Aug 2014 21:28:49 -0000 "John Levine" <johnl at iecc.com> wrote:
Subject: Re: [Cryptography] toll bills, was Encryption opinion
>> I've not been on any of those
?>roads, but I've gotten three e-mailed bills in the last two weeks
>>that to the unskeptical eye look fully legitimate, which also
>>indicates that the phishers know that my geolocation makes driving
>>such roads plausible.
> It's not geolocation, everyone is getting E-ZPass spam this month. I
> have an E-ZPass account, and can report that it looks nothing like the
> real mail they send, which just tells you to look at their web site
> for a statement or other message. This is aimed at the same kinds of
> suckers who fall for 419.
> I also got an actual e-mail this month from an actual toll road
> telling me about an actual charge due to actually driving on it. It
> was the 407 in Toronto, not E-ZPass, and I knew they'd be billing me
> so I set up an account so they'd e-mail me instead of the default
> paper bill, but still ...
> John
> PS: So is there any crypto on toll transponders, or could I
> skim them from the side of the road and make clones?
Apparently some do, most don't. EZ Passes are made by
Kapsch (Kapsch.net), which has data sheets available, and has
made their protocols open source.
You can easily modify one to inform you of when its queried:
http://www.popsci.com/article/diy/ezpass-hack-covert-scanning
...and it turns out they're queried all over the place, not just at
tolls. There have been proposals for a 'kill switch' which would
allow you to disable it except when approaching a toll, but I
haven't seen that.
But its moot, anyway. Transponders are being replaced by
license plate scanning. This is yet another case where we
accepted something (permanently visible LPs) on the basis
that no one could track every plate, everywhere, all the time.
Technology moved on, and invalidated that promise of
privacy-unless-they-really-really-need-to-violate-it.
pt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140827/8676ba76/attachment.html>
More information about the cryptography
mailing list