Security? What Security? Automatic Toll Systems And Passports Found Easily Hackable

from the security-as-an-afterthought dept

At this point it shouldn’t be a surprise that various systems that shouldn’t be are quite easily hacked, but that doesn’t make it any less disturbing. Over at this years Black Hat event there was a demonstration of just how easy it is to hack the automatic toll devices used at most bridges and toll roads throughout the country. The stunning part is that it appears that the folks who created these transponders did almost nothing to keep them secure. They’re constantly broadcasting and they include no encryption. And this is a device that often connects directly to a registered credit card. Sense a potential problem? The researchers who showed this pointed out that it wouldn’t be difficult for someone to clone your transponder and make you start paying for their tolls. Alternatively, it could be used to create an alibi for someone planning to commit a crime — since police have used toll crossing data to establish where someone is.

Meanwhile, over in the UK, an investigation has found that the chips in the supposedly “fakeproof” e-passports are easily cloned, manipulated and passed through the checking machine — which is especially worrisome given that 3,000 blank e-passports were stolen just last week. Of course, people have talked about the possibility of such hacks for years — even before they were put in place — to show how silly it was to think they were secure. And, of course, the best response comes from the UK gov’t. After being presented with the fact that the chips can be changed or modified, the statement from the government was: “No one has yet been able to demonstrate that they are able to modify, change or alter data within the chip. If any data were to be changed, modified or altered it would be immediately obvious to the electronic reader.” If you keep saying it, maybe you can pretend it’s true.

In both cases, though, the striking thing is that these aren’t “surprise” vulnerabilities. They should have been somewhat obvious to those who crafted these systems in the first place. Both are now working on “patches” to deal with the problems, but it’s pretty difficult to completely patch a system that’s so widespread — and either way it will take some time. So why weren’t these systems designed with better security in the first place?

Filed Under: , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Security? What Security? Automatic Toll Systems And Passports Found Easily Hackable”

Subscribe: RSS Leave a comment
Rekrul says:

Alternatively, it could be used to create an alibi for someone planning to commit a crime — since police have used toll crossing data to establish where someone is.

Did I miss some technological developement that only allows cars to be driven by their rightful owners? “Gee officer, even though I’m covered in blood, it couldn’t have been me, my car… Uh, I mean *I* was across town at the time. Just check the toll records.”

Anonymous Coward says:

Re: Re:

“Did I miss some technological developement that only allows cars to be driven by their rightful owners?”


It’s likely the toll information is used in conjunction with other evidence to lend weight. E.g. a witness says they saw someone who looked like X at location Y. Toll information backs this up.

Anonymous Coward says:

Security in a different place

At least some of the widely-used toll collection systems (e.g., the one’s that use the EZ-Pass name in the US Northeast) knew from the beginning that the transponders could be cloned easily. Their security is elsewhere: They photograph the license plate and driver of every car. So, yes, you can drive around with a cloned pass – but eventually the original owner will complain, and there will be your car, plate, and photo providing evidence against you.

Note that EZ-Pass requires that you use your pass with a single car/plate. Right now, they don’t seem to do much with this, but I suspect that in the long run they’ll go with automated license plate recognition, which is already a reasonably workable technology. Then they could instantly cross-check the transponder with the plate.

You can come up with all sorts of variations on cloning, but they don’t work out so well or are easy to counter. For example, you could build a device that listened for the passes being used as you approached a toll station and then just picked one and used it. That way, the any given person whose id you were using (a) would have only have one extra charge; (b) would have it at at time/place he expected to go. Of course, the system could easily spot multiple uses of the same id too close together. If you extend this to a “tumbler” system – record many id’s over time and pick one at each toll station – you can probably keep going for a while, but eventually you’re going to use an exhausted account, or one used 10 second before 100 miles away, or any of a variety of other things that will flag your car for a quick discussion with the police – at which point what you’re doing is going to be pretty obvious.

There are attacks on every system and there may be attacks on this one, but simple cloning is not a significant one.

Matthew says:

Re: Security in a different place

They don’t actually photograph every license plate and car that goes through. If the transponder reads- no photo. That’s why I am stuck paying for $57 worth of tolls that have been run up and down the east coast while my car and transponder have never left Maryland. EZ Pass has no intention of refunding my money or giving me a new transponder to replace mine.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »