Current Insight Community Cases

Justifying Your Datacenter Management Improvements

Essential Datacenter Tips On Application Performance Monitoring

The Importance Of Skilled Immigrants To The American Economy

Help A New Kind of Music Label Revolutionize The Industry

Mandates To Buy American Should Be More Carefully Considered

Shut Us Up

-- For Only $100 Million

Brought to you by Floor64 and the Techdirt crew.

stories filed under: "e-passports"
(Mis)Uses of Technology

(Mis)Uses of Technology

by Mike Masnick

Thu, Aug 7th 2008 5:17pm


Filed Under:
automatic toll, e-passports, ez pass, fastpass, hacking, passports, security



Security? What Security? Automatic Toll Systems And Passports Found Easily Hackable

from the security-as-an-afterthought dept

At this point it shouldn't be a surprise that various systems that shouldn't be are quite easily hacked, but that doesn't make it any less disturbing. Over at this years Black Hat event there was a demonstration of just how easy it is to hack the automatic toll devices used at most bridges and toll roads throughout the country. The stunning part is that it appears that the folks who created these transponders did almost nothing to keep them secure. They're constantly broadcasting and they include no encryption. And this is a device that often connects directly to a registered credit card. Sense a potential problem? The researchers who showed this pointed out that it wouldn't be difficult for someone to clone your transponder and make you start paying for their tolls. Alternatively, it could be used to create an alibi for someone planning to commit a crime -- since police have used toll crossing data to establish where someone is.

Meanwhile, over in the UK, an investigation has found that the chips in the supposedly "fakeproof" e-passports are easily cloned, manipulated and passed through the checking machine -- which is especially worrisome given that 3,000 blank e-passports were stolen just last week. Of course, people have talked about the possibility of such hacks for years -- even before they were put in place -- to show how silly it was to think they were secure. And, of course, the best response comes from the UK gov't. After being presented with the fact that the chips can be changed or modified, the statement from the government was: "No one has yet been able to demonstrate that they are able to modify, change or alter data within the chip. If any data were to be changed, modified or altered it would be immediately obvious to the electronic reader." If you keep saying it, maybe you can pretend it's true.

In both cases, though, the striking thing is that these aren't "surprise" vulnerabilities. They should have been somewhat obvious to those who crafted these systems in the first place. Both are now working on "patches" to deal with the problems, but it's pretty difficult to completely patch a system that's so widespread -- and either way it will take some time. So why weren't these systems designed with better security in the first place?

7 Comments | Leave a Comment..

 
Search Techdirt
And now, a word from our Sponsors..
San Francisco Music Tech 2009
15% off discount for Techdirt Readers



Popular Posts
Poll

Which Internet Concern Worries You The Most?

 

 

 

 

 

 


Add Techdirt RSS To Your Reader
rss Add Techdirt to your Bloglines
Add Techdirt to your Google Add Techdirt to your My Yahoo
Add Techdirt to your Netvibes Add Techdirt to your Newsgator
Subscribe to Techdirt's Daily Email Newsletter

Techdirt's Daily Email Newsletter

Older Stuff

Monday

4:45pm: French Courts Continue To Penalize eBay For Actions Of Users (12)
3:36pm: Dear Peter Mandelson... Dan Bull Sings His Opposition To Kicking People Off The Internet (13)
2:14pm: If We Don't Kick People Off The Internet For File Sharing, Football Will Die (65)
1:00pm: More ACTA Leaks; Still Looking Really Bad (15)
11:37am: Other Legal Work Slow? Start A Practice To Help Patent Trolling (14)
10:23am: One Misguided Tweet Is 'Indisputable' Evidence That Piracy Harms Movies? (62)
9:10am: Italian Prosecutors Assume Google Execs Read All YouTube Comments; Demands Jailtime Over Video (32)
7:33am: Copyright Law Changes In India Could Gut Fair Use (18)
6:00am: UK Pub Owner Fined Due To Unauthorized Downloads On Free Pub WiFi? (41)
3:57am: Suing For Patent Infringement No Replacement For Actually Building A Real Business (31)
1:46am: Mininova Deletes Most Torrents Under Court Threat (49)

Wednesday

7:37pm: Stop Wallowing And Start Doing Cool Stuff With Business Models, The Wil Wheaton Edition (32)
6:51pm: Researchers: Copying And Imitation Is Good For Society (140)
6:05pm: Steve Jobs Tells Startup Startup To Change Names, Saying 'It's No Big Deal' (70)
5:26pm: Profitable 'Pay Us Or We'll Sue You For File Sharing' Scheme About To Send 30,000 More Letters (20)
4:46pm: UK Police Arresting People Just To Add To DNA Database? (18)
4:01pm: Funny How Those In Favor Of ACTA Are Against Treaty Providing More Access To Content For Vision Impaired (6)
3:15pm: Advertising As Content: Newspaper Raising Newsstand Prices For Thanksgiving Papers With Black Friday Ads (11)
2:14pm: Are Entertainment Industry Tactics Working? (50)
1:00pm: Photographer Compares Microstock Sites To Pollution And Drug Dealing (45)
11:48am: If Movie Piracy Is Really A Problem, It's Hollywood's Fault (78)
10:27am: If Google Visitors Are Worthless, It's Only Because Newspaper Execs Don't Know What They're Doing (37)
9:01am: Multitasking Is Our Main Activity (15)
7:33am: Greed vs. Due Diligence: Another Case Of Startup Fraud? (4)
6:01am: Anti-Piracy Group In Spain Fined For Bad Faith Actions Against File Sharing Systems (13)
3:55am: ABA Journal's Patent Application To Score Interview With USPTO Boss David Kappos (18)
1:44am: Can Universities Make Sure That Drugs Based On Their Research Are Licensed Reasonably? (19)

Tuesday

9:21pm: Companies Realizing That Content Is Advertising Via Web Series (12)
7:01pm: Could You Prove That The Government Was Watching You Illegally? (38)
4:56pm: Reuters, AP Refuse To Cover Cricket Matches Over Restrictive Press Accreditation Rules (21)
More arrow
Quick Links
Close
E-mail It