Current Insight Community Cases

Justifying Your Datacenter Management Improvements

Essential Datacenter Tips On Application Performance Monitoring

The Importance Of Skilled Immigrants To The American Economy

Help A New Kind of Music Label Revolutionize The Industry

Mandates To Buy American Should Be More Carefully Considered

Check out our CwF + RtB experiment.
Brought to you by Floor64 and the Techdirt crew.

stories filed under: "fastpass"
(Mis)Uses of Technology

(Mis)Uses of Technology

by Mike Masnick

Thu, Aug 7th 2008 5:17pm


Filed Under:
automatic toll, e-passports, ez pass, fastpass, hacking, passports, security



Security? What Security? Automatic Toll Systems And Passports Found Easily Hackable

from the security-as-an-afterthought dept

At this point it shouldn't be a surprise that various systems that shouldn't be are quite easily hacked, but that doesn't make it any less disturbing. Over at this years Black Hat event there was a demonstration of just how easy it is to hack the automatic toll devices used at most bridges and toll roads throughout the country. The stunning part is that it appears that the folks who created these transponders did almost nothing to keep them secure. They're constantly broadcasting and they include no encryption. And this is a device that often connects directly to a registered credit card. Sense a potential problem? The researchers who showed this pointed out that it wouldn't be difficult for someone to clone your transponder and make you start paying for their tolls. Alternatively, it could be used to create an alibi for someone planning to commit a crime -- since police have used toll crossing data to establish where someone is.

Meanwhile, over in the UK, an investigation has found that the chips in the supposedly "fakeproof" e-passports are easily cloned, manipulated and passed through the checking machine -- which is especially worrisome given that 3,000 blank e-passports were stolen just last week. Of course, people have talked about the possibility of such hacks for years -- even before they were put in place -- to show how silly it was to think they were secure. And, of course, the best response comes from the UK gov't. After being presented with the fact that the chips can be changed or modified, the statement from the government was: "No one has yet been able to demonstrate that they are able to modify, change or alter data within the chip. If any data were to be changed, modified or altered it would be immediately obvious to the electronic reader." If you keep saying it, maybe you can pretend it's true.

In both cases, though, the striking thing is that these aren't "surprise" vulnerabilities. They should have been somewhat obvious to those who crafted these systems in the first place. Both are now working on "patches" to deal with the problems, but it's pretty difficult to completely patch a system that's so widespread -- and either way it will take some time. So why weren't these systems designed with better security in the first place?

7 Comments | Leave a Comment..

 
Search Techdirt
And now, a word from our Sponsors..
San Francisco Music Tech 2009
15% off discount for Techdirt Readers



Popular Posts
Poll

Which Internet Concern Worries You The Most?

 

 

 

 

 

 


Add Techdirt RSS To Your Reader
rss Add Techdirt to your Bloglines
Add Techdirt to your Google Add Techdirt to your My Yahoo
Add Techdirt to your Netvibes Add Techdirt to your Newsgator
Subscribe to Techdirt's Daily Email Newsletter

Techdirt's Daily Email Newsletter

Older Stuff

Wednesday

6:05pm: Steve Jobs Tells Startup Startup To Change Names, Saying 'It's No Big Deal' (69)
5:26pm: Profitable 'Pay Us Or We'll Sue You For File Sharing' Scheme About To Send 30,000 More Letters (20)
4:46pm: UK Police Arresting People Just To Add To DNA Database? (18)
4:01pm: Funny How Those In Favor Of ACTA Are Against Treaty Providing More Access To Content For Vision Impaired (6)
3:15pm: Advertising As Content: Newspaper Raising Newsstand Prices For Thanksgiving Papers With Black Friday Ads (11)
2:14pm: Are Entertainment Industry Tactics Working? (50)
1:00pm: Photographer Compares Microstock Sites To Pollution And Drug Dealing (45)
11:48am: If Movie Piracy Is Really A Problem, It's Hollywood's Fault (77)
10:27am: If Google Visitors Are Worthless, It's Only Because Newspaper Execs Don't Know What They're Doing (37)
9:01am: Multitasking Is Our Main Activity (15)
7:33am: Greed vs. Due Diligence: Another Case Of Startup Fraud? (4)
6:01am: Anti-Piracy Group In Spain Fined For Bad Faith Actions Against File Sharing Systems (13)
3:55am: ABA Journal's Patent Application To Score Interview With USPTO Boss David Kappos (18)
1:44am: Can Universities Make Sure That Drugs Based On Their Research Are Licensed Reasonably? (19)

Tuesday

9:21pm: Companies Realizing That Content Is Advertising Via Web Series (12)
7:01pm: Could You Prove That The Government Was Watching You Illegally? (38)
4:56pm: Reuters, AP Refuse To Cover Cricket Matches Over Restrictive Press Accreditation Rules (21)
3:21pm: Comparing File Sharing To Payola: Could Have Had That Promotion For Free (34)
1:56pm: Jury Says Fictional Character Can Be Libelous (28)
12:44pm: Spam King Alan Ralsky Gets Four Years In Jail (28)
11:39am: Publishers Getting The Wrong Message Over eBook Piracy (39)
10:28am: Calling For An Independent Invention Defense In Patents (28)
9:12am: Microsoft Tries To Silence Revelation Of Bing Cashback Flaws; Leads To Revelation Of Other Problems (43)
8:03am: Don't Blame Facebook For Some Kids Beating Up Another Student (61)
6:46am: Hulu Telling Sites To Stop Embedding So Much (44)
5:00am: Once Again, If The Gov't Has Data, It Will Be Abused (42)
2:53am: As Expected, Social Networking Generation Running For Office Face Their Permanent Record Online (32)
12:55am: IMAX Sues Cinemark For Building Competing System... While Being An IMAX Customer (14)

Monday

10:26pm: Filmmaker Allowed To Use The Name Rin Tin Tin To Describe Rin Tin Tin (6)
8:25pm: Senators Begin Questioning ACTA Secrecy (32)
More arrow
Quick Links
Close
E-mail It