[Cryptography] cryptography Digest, Vol 16, Issue 26

grarpamp grarpamp at gmail.com
Mon Sep 1 13:54:25 EDT 2014


On Wed, Aug 27, 2014 at 3:21 PM, Peter Trei <petertrei at gmail.com> wrote:
> On 26 Aug 2014 21:28:49 -0000 "John Levine" <johnl at iecc.com> wrote:
>
> Subject: Re: [Cryptography] toll bills, was Encryption opinion
>
>>> I've not been on any of those
> ?>roads, but I've gotten three e-mailed bills in the last two weeks
>>>that to the unskeptical eye look fully legitimate, which also
>>>indicates that the phishers know that my geolocation makes driving
>>>such roads plausible.
>
>> It's not geolocation, everyone is getting E-ZPass spam this month.  I
>> have an E-ZPass account, and can report that it looks nothing like the
>> real mail they send, which just tells you to look at their web site
>> for a statement or other message.  This is aimed at the same kinds of
>> suckers who fall for 419.
>
>> I also got an actual e-mail this month from an actual toll road
>> telling me about an actual charge due to actually driving on it.  It
>> was the 407 in Toronto, not E-ZPass, and I knew they'd be billing me
>> so I set up an account so they'd e-mail me instead of the default
>> paper bill, but still ...
>
>> John
>
>> PS: So is there any crypto on toll transponders, or could I
>> skim them from the side of the road and make clones?
>
> Apparently some do, most don't. EZ Passes are made by
> Kapsch (Kapsch.net), which has data sheets available, and has
> made their protocols open source.
>
> You can easily modify one to inform you of when its queried:
> http://www.popsci.com/article/diy/ezpass-hack-covert-scanning

" Bear <bear at sonic.net>
Aug 28 (4 days ago)
I've got one.  It's an envelope lined with copper foil. I get
the pass out when approaching a toll booth, and put it back
(and put the 'chip clip' back on the envelope to ensure that
the foil makes good electrical contact) as I pull away from
the toll booth.
A toggle switch would be nice, but we can be fairly confident
that a Faraday cage is working as designed. Bear. "

> ...and it turns out they're queried all over the place, not just at
> tolls. There have been proposals for a 'kill switch' which would
> allow you to disable it except when approaching a toll, but I
> haven't seen that.
>
> But its moot, anyway. Transponders are being replaced by
> license plate scanning. This is yet another case where we
> accepted something (permanently visible LPs) on the basis
> that no one could track every plate, everywhere, all the time.
> Technology moved on, and invalidated that promise of
> privacy-unless-they-really-really-need-to-violate-it.

So you need active defense of plate masks/obfuscation
mechanichs... flip down blanking devices, character cards,
mask films on a loop roll motor, OLED plates. DIY 007. Drive masked,
reveal as needed. Worst case, you don't notice the cop car
near you and get a paper ticket for no plate or a hacked random
nonspec plate. $100+... better than daily loss of privacy to
intersection/roadside cams, google robot cars, etc.

Next battle... killing all the manufacturer supplied transponders
in your car...

Then your cell phone.


More information about the cryptography mailing list