Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

California's Wireless Road Tolls Easily Hackable

timothy posted about 6 years ago | from the no-sir-I-was-in-seattle-at-the-time dept.

Security 354

An anonymous reader writes "Nate Lawson, a researcher at RootLabs, has found a way to clone the wireless transponders used by the Bay Area FasTrak road toll system. This means you can copy the ID of another driver onto your own device and, as a result, travel for free while others foot the bill. Lawson also raises the interesting point of using the FasTrak system to create false alibis, by overwriting one's own ID onto another driver's device before committing a crime. Luckily, Lawson wasn't sued before he could reveal his research, unlike those pesky MIT students."

cancel ×


Sorry! There are no comments related to the filter you selected.

first (-1, Offtopic)

phillous (1160303) | about 6 years ago | (#24750741)

first post


sounds familiar (5, Informative)

gentooligan (936853) | about 6 years ago | (#24750783)

I think I read about this in little brother [] .

Re:sounds familiar (1, Informative)

Zygfryd (856098) | about 6 years ago | (#24751541)

Mod parent up.

The book linked is definitely relevant and the post has nothing to do with trolling.

I smell moderator abuse.

Re:sounds familiar (0)

Anonymous Coward | about 6 years ago | (#24751751)

It's modded as "Informative"

Cameras at every toll booth (5, Insightful)

maynard (3337) | about 6 years ago | (#24750791)

And they can record license plates. I think this hack has little criminal viability. Anyone who used it extensively would be caught in short order. Though authorities might be willing to let the criminal conduct continue on until the criminal passed the felony threshold.

Re:Cameras at every toll booth (2, Interesting)

introspekt.i (1233118) | about 6 years ago | (#24750813)

Unless you dirtied up your license plates so they weren't recognizable by those pesky cameras they use at the toll stations...but hey, I'm from the are toll booths?

Re:Cameras at every toll booth (1, Informative)

Anonymous Coward | about 6 years ago | (#24750961)

In toronto we have an electronic toll as well. Cameras and such and completely unmanned.

We have a law against dirty license plates. You may save on cash from using the highway, but some police officer will eventually hit you with a ticket (they do stop people with dirty plates) and your insurance rates will go up.

Tolled roads are very abnormal in Canada, but this one works reasonably well.

Re:Cameras at every toll booth (1, Insightful)

mweather (1089505) | about 6 years ago | (#24751025)

It's a sad day when getting your car dirty raises your insurance rates. My lawn is brown, and I don't pay anything extra on my homeowners insurance for it.

Re:Cameras at every toll booth (1)

ShadowRangerRIT (1301549) | about 6 years ago | (#24751089)

Yeah, but a brown lawn doesn't exactly conceal your identity last I checked.

Re:Cameras at every toll booth (1)

schon (31600) | about 6 years ago | (#24751829)

a brown lawn doesn't exactly conceal your identity last I checked.

And last time I checked, a license plate doesn't hold your identity.

Your drivers license holds your identity. Your license plate just says that the car is licensed to be on the public roadways.

Re:Cameras at every toll booth (1)

timbck2 (233967) | about 6 years ago | (#24751721)

Who modded this a Troll? I completely agree with it -- tickets for dirty license plates?

Re:Cameras at every toll booth (4, Insightful)

repvik (96666) | about 6 years ago | (#24751891)

I consider using the state-provided roads as a privilege, not a right, that requires your car to be identifiable by a valid licence plate.
If the plates are obscured, either by dirt or by purpose, isn't it reasonable to give a ticket to deter this?

Re:Cameras at every toll booth (4, Funny)

cayenne8 (626475) | about 6 years ago | (#24751085)

"We have a law against dirty license plates. "

Well, just rig up some sort of James Bond plate changing mechanism....where you can flip the plate, or just obscure it when going through the booth, then hit the switch, and set it to normal again.

I've been thinking of something like this for the stupid red light cameras they've been putting in down here in NOLA.

Back on the ez-pass system. For awhile I was having to cross the bridge across lake pontchartrain, and it was a toll bridge. I just don't like the idea of having a system track my movements, so I just paid toll tag for me. Sure, it costs a dollar more, but, worth it to me.

Re:Cameras at every toll booth (1)

wattrlz (1162603) | about 6 years ago | (#24751189)

You do realize they usually take your picture when you pay cash too, right?

Re:Cameras at every toll booth (1)

cayenne8 (626475) | about 6 years ago | (#24751359)

"You do realize they usually take your picture when you pay cash too, right? "

Why would they need to do that? I don't recall seeing any cameras at the toll booth when I handed the $3 or whatever it was to the attendant.

Even so, at least there is not a quick and easy way to find out when I was there on a computer like with the EZ passes....

Re:Cameras at every toll booth (2, Interesting)

mshannon78660 (1030880) | about 6 years ago | (#24751725)

Down here (central Texas, Austin area), they have something called 'video tolling'. Essentially, anyone can go through the TxTag lanes, whether they have a transponder or not. If you have a transponder, you get a discount (I think it's 20%) off the cash rate; if you don't, you pay a premium (again, something like 20-33%) on the toll, plus a handling fee (something like $1 per bill). So yes, they can, in a completely automated fashion, take a picture of your license plate and record in a database exactly when you went through that toll plaza. If you drive on the toll road, you should not expect that anything will restore your anonymity.

Re:Cameras at every toll booth (0)

Anonymous Coward | about 6 years ago | (#24751263)

Maybe if you stopped running red lights you wouldn't have a problem with the red light cameras taking your picture?

I mean, come on - I am against taking pictures of everything all the time, but the red light cameras are one where they are pretty foolproof at only taking pictures of scofflaws who are endangering everyone else. That seems to be a good thing.

Re:Cameras at every toll booth (5, Insightful)

Chainsaw76 (261937) | about 6 years ago | (#24751343)

"pretty foolproof"
Your kidding right? There have been many cases of the Red Light Companies moving sensors around to catch people who Hadn't run the red light. And the one time I got a ticket from this system, the plate was unreadable, the Dark 4 door sedan pictured didn't look anything like my white 2 seat convertible, and we (my car and I) were 800 miles away at the time on the time stamp.


Re:Cameras at every toll booth (1)

Firethorn (177587) | about 6 years ago | (#24751805)

Just gotta love that. In addition, I've also heard of an automated speed camera sending a fine notice to a farmer for his antique tractor with a max speed of 8 kph - it said he was doing something in the high 80's with it.

The funny one I saw recently sent a ticket to a guy - the picture showed the car was in the process of being towed.

Of course, they're also throwing the ball back at you - you have to prove you're innocent, not the other way around.

Back on the wireless toll roads, my first thought was that 'they even encrypt garage door openers to prevent this today!'. For anything more serious than a simple inventory, encrypted RFID devices should be the rule.

Re:Cameras at every toll booth (4, Interesting)

cayenne8 (626475) | about 6 years ago | (#24751427)

"I mean, come on - I am against taking pictures of everything all the time, but the red light cameras are one where they are pretty foolproof at only taking pictures of scofflaws who are endangering everyone else. That seems to be a good thing."

As the other poster said, there have been cases where the private company running these cameras weren't making enough money, and shortened the yellow light, or even rigged the cameras to take pics while light was yellow, but, showing red on the ticket. Studies have shown that in a VERY high percentage of cases, if they extended the length of the yellow light at troublesome intersections, that the number of people running red lights almost dropped to near zero.

One of my other problems with the system here...was that the cameras aren't only taking pictures of light runners. They have still and full motion cameras...they showed a case of cars sitting there at a red, and a car going around the front one and running the light, all in full motion. That means the cameras are running all the time...I don't like that.

I'd heard that someone was bringing suit against them in that they are unconstitutional in the state of that they aren't on every intersection, and the law states something like there has to be equal enforcement on all LA roads,etc.

Re:Cameras at every toll booth (1)

popeye44 (929152) | about 6 years ago | (#24751555)

We had 2 intersections here in Fresno that had Red Light Cameras. The company that put them in had a hell of a marketing department and sold the city on the idea. FF 2 years and Fresno made them pull the cameras and take down the poles etc. The company lied about how much money it would bring in. People in Fresno knew the lights would catch them and basically stopped running it. You can't make money if no one breaks the law. Better a few jump through a yellowed/red and get caught by regular police than no one ever doing it.

Re:Cameras at every toll booth (4, Insightful)

EMeta (860558) | about 6 years ago | (#24751629)

Um, no. Better no one doing it. Running reds isn't like going 10 mph over the speed limit. People die from that. A lot. It really shouldn't be about the income.

Simple solution (2, Interesting)

FST777 (913657) | about 6 years ago | (#24751787)

Don't let private companies run these things.

As a Dutchie, I'm completely stunned at the thought that any government will let privately owned companies run the traffic...

Re:Cameras at every toll booth (0)

Anonymous Coward | about 6 years ago | (#24751407)

having visited Toronto, I must say, it is the only city in the world where I feel at home other than my own back here in the states. The hackable thing in Toronto was more the subway ticket system... Damn pesky MIT students! The roads were way too hectic to drive on though, and I still can't figure out how much a litre is and why it's so cheap compared to our evil american gallon.

Re:Cameras at every toll booth (1)

Aphoxema (1088507) | about 6 years ago | (#24751553)

Tolled roads are very abnormal in Canada, but this one works reasonably well.

I first read that as "Trolled", silly me!

Re:Cameras at every toll booth (5, Informative)

neapolitan (1100101) | about 6 years ago | (#24750967)

Yep - that was my first thoughts too. Driving with an unreadable license plate, though, is grounds to get you pulled over anyway.

In case you didn't know, most toll booth places have:

    Cameras front-mounted to take a picture of YOU or passengers...

    Cameras in the back to take a picture of your plate...

    Occasional cops sitting at the side of the road that are ready to pull you over.

It's academically interesting (and it should be) but not useful for the criminal. You can always simply drive through a checkpoint without an ez-pass, and most likely nothing will happen [] for a long time. Is it worth it? Nope.

Re:Cameras at every toll booth (1)

Volante3192 (953645) | about 6 years ago | (#24751137)

Heh, you might luck out with an e-z pass, but the one time I went through FasTrak in Southern CA with the company car with an out of date transponder, my company got hit with fines.

Very quick turnaround too.

(Served them right for not keeping it current. Actually, I think they changed the car it was in so the plates didn't match, but either way, I wasn't driving a configuration the booth liked.)

Re:Cameras at every toll booth (1)

cwAllenPoole (1228672) | about 6 years ago | (#24751529)

Wow... with fines like that, most of us NJ drivers would simply skip out. People routinely pay $6 to cross a river to go to work, a $2 fine is a welcome change.

Re:Cameras at every toll booth (1)

pla (258480) | about 6 years ago | (#24751761)

"The system is about to take a sweeping technological turn, doing away with booths, baskets, cash and relying on video cameras to bill drivers."

How exactly do they plan to do that? Not everyone passing through their state lives there, or near enough to realistically expect them to sign up for EZ-Pass. Personally, I don't have it because, while I live in a state that does use EZ-Pass, I only go through the tolls perhaps twice a year.

Clearly, the states would much rather switch to all electronic tolls (they seem to make a game of making the cash-accepting lanes as difficult to find as possible), but to do away with cash altogether? Not possible.

Re:Cameras at every toll booth (1)

Dog-Cow (21281) | about 6 years ago | (#24751857)

I live in MI. When I go to Toronto, I use the 407. They never have a problem sending me the bill in the mail. There are no booths at all that I've ever seen.

Re:Cameras at every toll booth (1)

PoliTech (998983) | about 6 years ago | (#24751019)

...but hey, I'm from the are toll booths?

I'm guessing that you've never been to Illinois. "Welcome to Illinois! Pay toll."

Re:Cameras at every toll booth (1, Informative)

Anonymous Coward | about 6 years ago | (#24751083)

The best part of Illinois tolls is that they are "half Price" for "I-Pass" cars and trucks. From out of state? Paying cash? You pay double!

E-Z pass users get the same rate and I-pass users (1)

Joe The Dragon (967727) | about 6 years ago | (#24751489)

E-Z pass users get the same rate and I-pass users get E-Z pass rates as well. Also alot of People in WI and IN have I-pass / E-Z pass.

Now E-Z pass is the system to hack as many states use it.

Re:Cameras at every toll booth (3, Funny)

kg9ov (611270) | about 6 years ago | (#24751097)

Ohhh.... you must mean the great state of Chicago...

Re:Cameras at every toll booth (0)

Anonymous Coward | about 6 years ago | (#24751269)

I lived in Illinois for 24 years. Never paid a toll at any point on any road in the state. Of course, I never went to Chicago. The only time I have ever paid tolls is when I went to visit my family in Florida, and then only if I go through Orlando. You can avoid them there if you go through Tampa.

Re:Cameras at every toll booth (1)

zippthorne (748122) | about 6 years ago | (#24751659)

You can avoid them there if you aren't afraid of a few traffic lights, too. The toll roads are much nicer, though paradoxically, speed is more strictly enforced.

Re:Cameras at every toll booth (1)

mishehu (712452) | about 6 years ago | (#24751557)

Illinois, the land of the waving palm (and I don't mean the trees... "donation" please...)

At least with the I-Pass system the guys can't be skimming off the top in the counting rooms anymore...

Re:Cameras at every toll booth (3, Informative)

sm62704 (957197) | about 6 years ago | (#24751685)

I'm guessing that you've never been to Illinois. "Welcome to Illinois! Pay toll."

The only toll roads in the whole state are north of I-80. Of course, you guys up there think Illinois' southern border is I-80 anyway.

Uncyclopedia has a good article about our great state. []

Illinois boasts hundreds of thousands of miles of roadway, almost 1.7% of which are in drivable condition at any given time. The rest are under construction, fuelling the state's economy by adding needed jobs in the road construction industry, and the Illinois Political Patronage Brotherhood of Sign Holders and Shovel Leaners, which depends on constant road construction for its continued existence. To maintain the roads in this condition, state law requires concrete to contain at least 35% white corn meal (cleverly subsidizing the Illinois farmer as well as the road construction industry). It also mandates tar products to be replaced with black licorice in the manufacture of asphalt. During summer months, hapless Illinois home-owners across the state obtain big brushes and squeegees, and can be seen coating their driveways with a new layer of melted black licorice, vainly but valiantly attempting to prevent them (the driveways, not the home-owners) from disintegrating into grey pebbles. This explains the popular saying: "There are two seasons: Blizzard, and Tornado". Also synonymous with "Winter and Construction" in the North.

Re:Cameras at every toll booth (1)

ShadowRangerRIT (1301549) | about 6 years ago | (#24751073)

I just drove cross country (from Seattle to D.C.). Illinois, Indiana and Ohio all use toll roads. The Midwest is not uniquely different from anywhere else; toll roads are a state policy, not a way of life.

Re:Cameras at every toll booth (1)

erroneus (253617) | about 6 years ago | (#24751747)

That wouldn't work for long. MOST people generally drive the same areas on a routine basis. And even those people that don't could be flagged for chase. Essentially, once someone has been identified as using a false or copied code, they can take pictures of the vehicle and post it for chase along with the code being used. There are a variety of ways an individual can be flagged and the only way to continue doing it is to change vehicles and codes frequently and that would become a burdensome crime to maintain.

The false alibi thing could conceivably work if you had proper cooperation. All one would need is to hire someone to drive your car while you drive theirs, but then again, under such a scenario, cloning transponder codes wouldn't even be necessary... just pass the person your car, your cell phone and credit card to make a gasoline purchase or two and you've got a pretty convincing alibi.

Re:Cameras at every toll booth (2, Insightful)

Aphoxema (1088507) | about 6 years ago | (#24750833)

The only problem is that they probably started this system to cut on costs and cut out human error. I doubt they'll actually put in any protection or change the system, they'll just try to crack down on people that commercialize it like blueboxing and cable descramblers.

Re:Cameras at every toll booth (1)

PC and Sony Fanboy (1248258) | about 6 years ago | (#24751023)

The real use of this 'hack' is to screw over your pesky neighbors. Especially if you keep doing it.

Re:Cameras at every toll booth (2, Funny)

chaim79 (898507) | about 6 years ago | (#24751433)

If the chances of getting caught are high enough you can use it in reverse to screw your neighbors, program theirs to be some random person (or find one from a cop car) and let them explain it to the judge. :)

Re:Cameras at every toll booth (0)

Anonymous Coward | about 6 years ago | (#24751163)

If a technology that's supposed to be an improvement requires cameras at every booth, and people & equipment to maintain the recordings, is it really an improvement? I think not

Can you get stopped for (1)

joeflies (529536) | about 6 years ago | (#24751179)

leaving the new car plates on your car even after you get your real license plates?

Re:Can you get stopped for (0)

Anonymous Coward | about 6 years ago | (#24751711)

Of course. That's what the expiration date is for.

Re:Can you get stopped for (1)

Firethorn (177587) | about 6 years ago | (#24751911)

Yes. The temporary tags are only good for so long, though that's creating some annoyance here because the state is taking longer to issue plates than what the tags are good for.

Alibis? (4, Informative)

goose-incarnated (1145029) | about 6 years ago | (#24750817)

You've got it the wrong way around - people won't use this to create alibis before committing a crime, they'll use it to establish evidence of the target being in a certain area at a certain time even though he swears he was elsewhere

At any rate, certain requirements have to be met before something can be introduced as evidence. I'm assuming most things (like this) would, by default, not constitute evidence anyway. Email (at least in this country) needs to be provided along with an audit trail before it's accepted as evidence

Re:Alibis? (1)

chebucto (992517) | about 6 years ago | (#24751111)

Stop, you're both right!

I would think false alibis are just as likely as framing.

As for evidence, I seem to remember hearing snippets on Off The Hook about this sort of data being used as evidence in the past.

Re:Alibis? (2, Interesting)

Farmer Pete (1350093) | about 6 years ago | (#24751125)

This wont help with Alibis because no court will accept a time stamp and a transponder id as evidence. Who is to say that you were driving the car, or even that someone didn't take your FastPass and drive through with a different car. To be entered into evidence you would have to take the time/id and review the video records to get a car/face match.

Even if this worked for an alabi like TFA implied, you could get into trouble real quick if you didn't know the final destination of the car. What? You tell the police you went to X? Well the car you gave your ID went to Y. The car also is still driving around town and went through two toll booths while you were in police custody.

Re:Alibis? (1)

aug24 (38229) | about 6 years ago | (#24751217)

That could be done by just inserting values in the database. No cloning required.

Article Text (4, Informative)

dfm3 (830843) | about 6 years ago | (#24750825)

Between the splash screen redirects and the ads, this article is nearly unreadable. Here's the text for those who don't want to put up with the crap.

Drivers using the automated FasTrak toll system on roads and bridges in California's Bay Area could be vulnerable to fraud, according to a computer security firm in Oakland, CA.

Despite previous reassurances about the security of the system, Nate Lawson of Root Labs claims that the unique identity numbers used to identify the FasTrak wireless transponders carried in cars can be copied or overwritten with relative ease.

This means that fraudsters could clone transponders, says Lawson, by copying the ID of another driver onto their device. As a result, they could travel for free while others unwittingly foot the bill. "It's trivial to clone a device," Lawson says. "In fact, I have several clones with my own ID already."

Lawson says that this also raises the possibility of using the FasTrak system to create false alibis, by overwriting one's own ID onto another driver's device before committing a crime. The toll system's logs would appear to show the perpetrator driving at another location when the crime was being committed, he says.

So far, the security flaws have only been verified in the FasTrak system, but other toll systems, like E-Z Pass and I-Pass, need to be looked at too, argues Lawson. "Every modern system requires a public security review to be sure there aren't different but related problems," he says. Indeed, in recent weeks, researchers announced flaws in another wireless identification system: the Mifare Classic chip, which is used by commuters on transport systems in many cities, including Boston and London. However, last week, the Massachusetts Bay Transportation Authority (MBTA) filed a lawsuit to prevent students at MIT from presenting an analysis of Boston's subway system.

The Bay Area Metropolitan Transport Commission (MTC), which oversees the FasTrak toll system, maintains that it is secure but says it is looking into Lawson's claims. "MTC is in contact with vendors who manufacture FasTrak lane equipment and devices to identify potential risks and corrective actions," says MTC spokesman Randy Rentschler. "We are also improving system monitoring in order to detect potentially fraudulent activity."

In the past, authorities have insisted that the FasTrak system uses encryption to secure data and that no personal details are stored on the device--just two unique, randomly assigned ID numbers. One of these is used to register the device when a customer purchases it, while the other acts as a unique identifier to let radio receivers at tolls detect cars as they pass by.

But when Lawson opened up a transponder, he found that there was no security protecting these IDs. The device uses two antennas, one to detect a request signal from the toll reader and another to transmit its ID so that it can be read, he says.

By copying the IDs of the readers, it was possible to activate the transponder to transmit its ID. This trick doesn't have to be carried out on the highway, Lawson notes, but could be achieved by walking through a parking lot and discreetly interrogating transponders.

What's more, despite previous claims that the devices are read only, Lawson found that IDs are actually stored on rewritable flash memory. "FasTrak is probably not aware of this, which is why I tried to get in touch with them," he says. It is possible to send messages to the device to overwrite someone's ID, either wiping it or replacing it with another ID, says Lawson.

"Access to a tag number does not provide the ability to access any other information," says MTC's Rentschler. "We also believe that significant effort would need to be invested in cloning tags." He adds, "If any fraudulent toll activity is detected on a customer's account, the existing toll-enforcement system can be used to identify and track down the perpetrator."

Lawson says that using each stolen ID just once would make it difficult to track down a fraudster. A better solution, he believes, would be to require toll readers and transponders to carry out some form of secure authentication. But this would require changes by MTC. As an alternative, Lawson is working on a privacy kit to let drivers turn their transponders on and off so that they are only vulnerable for a brief period as they pass a toll.

There is another way, he says. "It's probably in the user's best interest to just leave it at home." This is because FasTrak uses license-plate recognition as a backup.

Ross Anderson, a professor of security engineering at Cambridge University, in the U.K., says that "very many embedded systems are totally open to tampering by anyone who can be bothered to spend some time studying them."

Competent use of encryption is the exception rather than the norm, Anderson adds, and the situation is unlikely to change soon. "One industry after another is embracing digital technology, and none of them realize that they need computer security expertise until it's too late and they get attacked," he says.

Bruce Schneier, chief security technology officer at BT, based in Mountain View, CA, says that it is too easy for companies to get away with lousy computer security. "Honestly, the best way is for the transportation companies to sue the manufacturers," he says. "Then they'll think twice about selling shoddy products in the future."

Re:Article Text (0)

Anonymous Coward | about 6 years ago | (#24751169)

No ad-block?

No ad-block (1)

dfm3 (830843) | about 6 years ago | (#24751613)

Sometimes corporate policy limits what one may do with their computer... yeah, I know, I should get back to work.

Re:Article Text (2, Informative)

Bryansix (761547) | about 6 years ago | (#24751223)

It is worth noting that the FasTrak system is deployed throughout California and not just in the Bay Area. I have four tollways near my home alone that use the system and I live in Southern California. It is a given that if it is a Toll Road and it is in California that it uses FasTrak. The only exception may be toll bridges.

Re:Article Text (0)

egnop (531002) | about 6 years ago | (#24751355)


Little Brother (Cory Doctorow) (1)

reality-bytes (119275) | about 6 years ago | (#24751573)

I wonder if Nate Lawson had read Cory Doctorow's "Little Brother" before his work on the Fastrak transponders?

It just so happens that Doctorow's fictional 'Little Brother' [] work describes just such an exploit being used on a Bay Area transit card system.

Having said that, Doctorow mentions in his preface that most of the technologies in the work are either current reality or the possibilities of the near future.

Nowadays, it seems it's more about which transit card/xpndr system hasn't been done yet.

cameras / scanners (3, Interesting)

j00r0m4nc3r (959816) | about 6 years ago | (#24750829)

I don't know about California, but in New England they have cameras that can match up a vehicle with a FASTLANE transmitter. It would not be very hard to also hook up license plate scanners. This seems like a crime with very little payoff, and huge chance of getting caught.

Re:cameras / scanners (1)

Lumpy (12016) | about 6 years ago | (#24750919)

and it's really easy to obscure your plate to side and overhead cameras. A very simple system is a frame with louvers that obscure it from side angles, can be made in anyone's garage with pop cans and is nearly invisible to cops driving behind you.

Re:cameras / scanners (2, Interesting)

halcyon1234 (834388) | about 6 years ago | (#24751021)

I don't have the newspaper article on hand, but a couple years ago in Toronto, someone was avoiding tolls on the 407 (Ontario's only toll road). They put their license plate on hinges, and attached a piece of string to it that ran through the car to the front. A tug on the string, and the plate flipped up.

And he would have got away with it if it wasn't for those meddling-- well, Ontario Provincial Police doing a blitz on the highway specifically looking for speeders, dangerous drivers and toll-evaders.

Re:cameras / scanners (2, Interesting)

dfm3 (830843) | about 6 years ago | (#24751153)

Where I live, it's common for thieves to steal license plates and slap them on their car before committing a crime. It raises far less attention than a car with no plates, and even if bystanders copy down the offending plate number, such information is useless.

Combine a stolen plate with a stolen ID, and it would be very difficult to track down a one-time offender disregarding something like facial recognition (drive through the tollbooth every day at 8 AM, though, and I'm sure they'd catch on pretty quickly).

Another loophole is those temporary 30 day tags you get when you purchase a new car. In many states they are not unique, not trackable (in our state they just have a sharpied 6-digit expiration date in big numbers), easy to fake, and nobody thinks twice about them.

Re:cameras / scanners (3, Informative)

Rastl (955935) | about 6 years ago | (#24751321)

Any obvious physical means to obscure the license plate would be self-defeating.

Just get some polarizing film and put it over your license plate. Unless the cameras are head-on (which generally they're not) they're going to get a black rectangle where the license plate should be.

A 'clear' film would be much less likely to attract law enforcement attention than some kind of physical change.

I believe this kind of thing is illegal but then again if you're going to be using a cloned transmitter I don't see that breaking another law would cause you to lose any sleep.

colorado replacing toll booths with cameras (1)

peter303 (12292) | about 6 years ago | (#24751339)

About 10% of the toll road rides are infrequent-users who dont have transponders. Colorado decided to terminate the booths and use cameras to mail bills to users. Its cheaper than people.

What about the license plate? (0)

Anonymous Coward | about 6 years ago | (#24750863)

In Massachusetts, the similar "Fast Lane" RFID transponder id is linked to your license plate. If you drive through a toll gate with an id that does not match your license plate (high speed cameras read the plate and use OCR to record it), your account gets flagged and you get a nastygram in your snail mail box along with a fine.

People victims to this type of clone would then obviously appeal and the stored license plate number of the cloner would then be easily used to find them.

This is nothing new... (2, Insightful)

Chineseyes (691744) | about 6 years ago | (#24750865)

When I was a teenager (late 90s) there were a few people selling a device about the size of two bricks that could fool ez-pass [] by using another person's id. This is why when you sign up for ez-pass you have to give them the make and model of your car as well as your license plate number. They have two cameras on either side of your car pointing at you and numerous overhead cameras when you pass through so I believe any sort of fraud would be pretty difficult to pull off. I'm sure California has a similar setup and if they don't then they better get working on it.

Re:This is nothing new... (1)

ckthorp (1255134) | about 6 years ago | (#24751005)

Ah, but you could use the hack to frame someone for fraud. They would have a hard time clearing their name because computers are "infallible."

Re:This is nothing new... (0)

Anonymous Coward | about 6 years ago | (#24751241)

So if the cameras verify your car's make and model, and license plate.... what again does the wireless transponder thing do?

So let me get this straight... (1)

sakdoctor (1087155) | about 6 years ago | (#24750883)

The transponder doesn't do challenge response, it just spews out an ID number when polled?

Re:So let me get this straight... (1)

mapsjanhere (1130359) | about 6 years ago | (#24751041)

Nope, it's just an oversized RFID similar to what Walmart puts on their pallets.

Re:So let me get this straight... (1)

betterunixthanunix (980855) | about 6 years ago | (#24751281)

Embedded devices are rarely designed to be very secure. One of the problems is that often there is not enough space for strong crypto, even a strong cryptographic hash. Things are getting better these days, with smaller transistors and lower power circuitry, but it is still difficult to get really strong crypto in a small RFID transponder like that.

Re:So let me get this straight... (1)

nwf (25607) | about 6 years ago | (#24751497)

Have you seen those toll tags? I have an EZPass, and it's larger than my iPhone. They could put all sorts of stuff in that thing.

Nah, it's laziness.... (1)

OmniGeek (72743) | about 6 years ago | (#24751723)

While it's true that passive RFID devices are notably short on power and computing capacity (and can be vulnerable to tricks like power-consumption analysis and direct physical probing to attack their encryption), the central reason most of these systems are poorly encrypted if at all is...

Cheapness, intellectual laziness, and garden-variety stupidity.

One CAN make these systems much more secure, but it requires cryptographic competence and the determination to do the job right. As Schneier says, crypto is hard to do properly, so it costs time, money, and thought. And the end user can rarely distinguish a secure system from a crappy one, so the economic incentive do do it right is minimal.

Methinks we could use a good set of standards and an accepted certification process for rating the attack-resistance of systems like this. Won't happen, of course...

Well! Biggle my jiggles! (-1, Troll)

Anonymous Coward | about 6 years ago | (#24750889)

Wherebore, fut equitog smolney?

No Authentication = Easy Crime (3, Interesting)

binaryspiral (784263) | about 6 years ago | (#24750907)

When you have the ability to send the same data over and over again without any form of authentication or obfuscation - yes, it can be copied and used by anyone else.

There are ways to prevent this:

Use a rolling code, like my garage door, key fob, and online banking fob uses.

Use another form of authentication, like color of vehicle, plate number, or something else easily identifiable on the car.

These are about as secure as my Speedpass fob that I can use to purchase fuel and snacks at Mobil stations. If its stolen, anyone can use it.

Re:No Authentication = Easy Crime (1)

Volante3192 (953645) | about 6 years ago | (#24751141)

There are cameras at CA FasTrak lanes that do take photos of the cars and your make/model/color and licence plate are on file.

I think it's reasonable to assume that for the wireless bit, they wanted it as simple as possible. Less data to send, less chance you'll miss anything at 80mph.

That's why the other bits are in place.

Re:No Authentication = Easy Crime (1)

SvnLyrBrto (62138) | about 6 years ago | (#24751323)

> Use another form of authentication, like color of vehicle, plate
> number, or something else easily identifiable on the car.

The insufferable thing is... they already HAVE cameras with character recognition at the tolls gates. If you blow through the lane without paying the toll, fast-track or otherwise, the system snaps a photo of your license plate and you get a ticket for the violation in the mail a few days later. So if they were to just change their software, they could dispense with the expense and hassle of fast-track and the toll lanes, and just photo the license plates that use the bridges and bill you at the end of the month for that usage.

But that would mean giving up the ticket income for toll violations, the toll collectors are no doubt unionized, and someone is getting kickbacks on fast-track. Gotta love the government, eh?


Re:No Authentication = Easy Crime (1)

zippthorne (748122) | about 6 years ago | (#24751917)

Billing is an issue, though. You have to be in some kind of electronic payment system for that to work. If they have to spend $.42 to send you a $2 bill, they're not saving much over the fancy system.

But you're still right, though. Why not just register your tag with an electronic billing firm, that has permission to deduct the tolls from an account you fill for the purpose?

Re:No Authentication = Easy Crime (0)

Anonymous Coward | about 6 years ago | (#24751375)

"These are about as secure as my Speedpass fob that I can use to purchase fuel and snacks at Mobil stations. If its stolen, anyone can use it."

Yup, kinda like cash. I use it to purchase snacks and fuel at the local gas station, and if it's stolen, anyone can use it.

Problems with the Clone/Alibi idea (1)

sfm (195458) | about 6 years ago | (#24750943)

Unfortunately, pretending to be someone else may save you some tolls, but eventually someone will figure out who is posing as a different driver. The Bay Area bridge, airport parking lots, and many other places have cameras that photograph both the driver and the license plate of the vehicles that pass. Maybe some good will come out of all this surveillance.....but probably not.

As former toll systems programmer... (4, Informative)

faragon (789704) | about 6 years ago | (#24750975)

Old wireless toll systems didn't event use encryption, such as the case of old Amtech 2.4GHz systems, which are limited to store information similar to a typical ISO Track #2 credit card (PAN [] , and some other info). However, modern system, such as the CESARE [] european standard (public information, no revealing secrets here, of course), includes modern security (realtime generated derivate key negotiation, etc.).

Luckily, Lawson wasn't sued (0, Troll)

Anonymous Coward | about 6 years ago | (#24750979)

Not yet. But he will be. We are seeing an irresistable force meeting an immovable obstacle. Society is creating a scenario where as technology moves forward the gap between truth, progress, science - and security, stability, state widens. They are not naturally in conflict, but we have chosen to make them so. The law and research are increasingly at odds. Corporations and governments have begun to build presumed ignorance into business and administration models, backing up security through obscurity with sanctions of threats, imprisonment and violence. The way it looks to me over the next 10 years research is not going stop, and neither is the landgrab for power and easy exloitation. Sooner or later these worlds are going to clash in a big way (many would say they already have as the economy collapses). Basic activities like the teaching and practice of chemistry, physics and computer science are being attacked to maintain a fragile status quo. Yet, economic development is not possible without research and education. It seems society has painted itself into a corner. It cannot progress without science and yet it is so threatened it will not tolerate it amongst its people. It's killing off the nutrients that feed it.

Not impressed! (-1, Flamebait)

bogaboga (793279) | about 6 years ago | (#24751035)

I am in fact disappointed that we as Americans appear never to ever get it right first time! Things like these should be just routine at this point. From hackable voting machines to tainted vegetables!

We invented the modern computer and all that goes with it...why do we still make these mistakes? Events like these make embolden proponents of out-sourcing.

Very sad indeed.

Re:Not impressed! (1)

betterunixthanunix (980855) | about 6 years ago | (#24751309)

"First time?" We are lucky to get it right the 800th time.

Re:Not impressed! (1)

gnick (1211984) | about 6 years ago | (#24751833)

I am in fact disappointed that we as Americans appear never to ever get it right first time! ...

We invented the modern computer and all that goes with it...

Right - Good thing that didn't need any revision after our first implementation.

Ah! (1)

ebonum (830686) | about 6 years ago | (#24751039)

Damn it! Will someone arrest this guy? I've been doing this for years. How can he go out an publicly disclose something like this? This is criminal! How much longer will this trick work? Another month or two? This is going to cost me. CA gas prices are already too high. I pay plenty of taxes on the gas, I really don't want to have to pay this also.

California Schemin' (2, Funny)

jollyreaper (513215) | about 6 years ago | (#24751099)

all the streets are free
and the highway's no pay
I've been for a drive
on a self-made freeway

My hacks will do the charm
Cuz I'm in L.A
California Schemin'
on a self-made freeway

Anarchy on the Roads (1)

JiffyPop (318506) | about 6 years ago | (#24751183)

The solution to all of the comments that your license plate will still identify you: as you drive around simply start saving and replacing the ID in devices as you pass other drivers. After a week you could replace your own ID with any of the values you swapped around during the week (hundreds? thousands?). Voila! Plausible deniability.

I'd hate to be working for whoever has to sort out the mess in the end, though. That's a lot of work to create for others just to avoid some tolls.

Easily hackable, but a useless hack... (4, Insightful)

SuperBanana (662181) | about 6 years ago | (#24751227)

...given that almost all of the toll transponder systems in the US have cameras, and plate recognition is done. I once got a ticket from another state (NY), claiming a plate I had years ago had gone through one of their upstate tollbooths. Also, my father would get notices in the mail from our state's system when he moved the transponder to a vehicle that wasn't registered to use it. So. Useless hack, sensationalist article, film at 11.

Re:Easily hackable, but a useless hack... (0)

Anonymous Coward | about 6 years ago | (#24751583)

Not 100% sure on this, but I believe the cameras are only used in instances where the vehicle fails to properly authenticate.

I fairly sure of this because I have used my I-Pass with my wife's car several dozen times over the past few years.

Life Imitates Art (1)

jasontromm (39097) | about 6 years ago | (#24751243)

Sounds exactly like something out of Cory Doctorow's recent novel, "Little Brother."

Why use transponders at all? (1)

davidwr (791652) | about 6 years ago | (#24751299)

Transponders are useful for cars without local plates or cars with dirty plates, but otherwise, why bother?

Re:Why use transponders at all? (1)

faragon (789704) | about 6 years ago | (#24751535)

You're right, it's done that way because the transponder is "the contract", similar to a credit card. Using just the vehicle identification plate, you should have a contract for every car you drive, while with the transponder you're able to use your own/lover^Wwife/renting car, etc.

Easy Solution (-1, Offtopic)

VincenzoRomano (881055) | about 6 years ago | (#24751301)

Use the vignette [] .
It's cheaper and already working in a number of countries.
The drawback is that you cannot create ad hoc business ... :-)

Easy Crime != Justified Crime (-1, Flamebait)

Anonymous Coward | about 6 years ago | (#24751305)

Yeah, because at a time when our transportation infrastructure is crumbling all to hell, what we really need to do now is defraud the system designed to collect funds to pay for its upkeep.

Way to stick it to The Man, guys. That will teach them to salt roads and fill potholes!

"Lawson also raises the interesting of using ..." (1)

frglrock (992261) | about 6 years ago | (#24751413)

I wish I could "raise the interesting" like that ... hmmm, the more I look at that sentence the more wrong it gets.

As seen in Little Brother (1)

atdt1991 (1069776) | about 6 years ago | (#24751483)

The idea of hacking the FasTrak system (or, more specifically, cloning FasTrak units) for false alibis and other social mayhem was explicitly brought up in Cory Doctorow's Little Brother [] . I think it is way more interesting in the fiction book, because they rapidly re-cloned random other cars, essentially switching IDs around.

Roll Eyes (2, Insightful)

mpapet (761907) | about 6 years ago | (#24751569)

1. How many tolls will be stolen? Too few for anyone in the project to care. They will treat this like "ID theft" and the burden is on you.

2. How many people are going to want or actually *do* anything TFA suggests. It's a number very close to zero.

The same kind of thinking applies to most automated transit toll collecting system. No one that could do anything about these issues cares or would be foolish enough to waste budget on corner cases like this. It would be a huge political/professional liability if they did.

E-Z Pass (1)

akunkel (74144) | about 6 years ago | (#24751589)

I don't know about cloning an E-Z Pass but if you use the E-Z Pass tag on a car that it is not registered to you, you get a ticket from them with the offending license plate number. At least this is the case in the NY Metro area. My wife got a ticket when I used her pass while waiting for a replacement for my non-functioning pass. I have had several friends who used to swap the passes between cars start to get tickets for the same reason. Are they scanning all of the license plates and matching them with the E-Z Pass tag or only some? This would seem to make cloning less effective unless you were maybe driving a stolen car/swapped plates since they would know the plate number of the cloned tag.

The other readers (0)

Anonymous Coward | about 6 years ago | (#24751651)

We mustn't assume that these vehicle transponder only use is for for toll collection. They work anywhere they want to place a Transponder reporting unit.and they they can even read transponder from other states
I don't know about California,
  but many other states use similar transponder units in vehicles. In our state there are readers all over the place. they are used for example to track vehicle movements, this information is used here in the North east to track unsuspecting Criminal suspects and to enforce traffic camera violations , some police vehicle have a reader in them to track suspects on the move .
And since there is a time stamp and unique serial number, they can be used by the police to get you a speeding ticket.
  Example a reader sees you moved from point A - B too quickly and Bingo ! your average speed over that distance is know They can be used for many purposes beyond toll collection

  Hacked transponder units may throw a monkey wrench into potential criminal investigations , traffic violation support and vehicle road use tracking statistics , and many things not know to the public , for example If I wanted to clobber only out of state drivers or those who can better pay fines, the police can just read these things and statistically more out of state drivers or those who travel and use hem have more money. What better way to target them for traffic violations and increasing revenue
In our state You must have good credit to get one of these things , so they know you can pay their big fines , and this is just but one nefarious use by crooked lawmakers

False Alibis? (0)

Anonymous Coward | about 6 years ago | (#24751869)

I wouldn't be worried about people using that system to make false alibis. Most people who have the technical knowledge even for a small hack would be paying someone else to do their dirty work for them anyway.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>