[ISN] Hacking electronic-toll systems
InfoSec News
alerts at infosecnews.org
Thu Aug 7 04:46:41 CDT 2008
http://news.cnet.com/8301-1009_3-10009353-83.html
By Elinor Mills
Security - News.com
August 6, 2008
LAS VEGAS -- Electronic toll systems like FasTrak and E-ZPass may be
convenient for drivers, but they are rife with privacy risks, a security
expert said Wednesday at the Black Hat 2008 security conference.
Strangers with the right transponder reader walking through a parking
lot can steal the ID number off the transponders that are visible
through the windshield, put the data on their devices and pass through
bridge and other tolls for free, with the victim paying the bill,
according to Nate Lawson, principal of security consultancy Root Labs.
The transponder ID, which lacks encryption, could be wiped and switched
with that of a device from a different car used in a crime, such as for
alibi purposes, he said.
The e-toll systems also pose a risk in that a driver's movements could
be tracked in real time, and e-toll operators have already been served
with subpoenas seeking customer information, Lawson said.
Although the ID is not personally identifiable, it can be linked in the
back-end database to customer information like name, driver's license,
and credit card number, he said.
[...]
More information about the ISN
mailing list