Security? What Security? Automatic Toll Systems And Passports Found Easily Hackable

from the security-as-an-afterthought dept

At this point it shouldn't be a surprise that various systems that shouldn't be are quite easily hacked, but that doesn't make it any less disturbing. Over at this years Black Hat event there was a demonstration of just how easy it is to hack the automatic toll devices used at most bridges and toll roads throughout the country. The stunning part is that it appears that the folks who created these transponders did almost nothing to keep them secure. They're constantly broadcasting and they include no encryption. And this is a device that often connects directly to a registered credit card. Sense a potential problem? The researchers who showed this pointed out that it wouldn't be difficult for someone to clone your transponder and make you start paying for their tolls. Alternatively, it could be used to create an alibi for someone planning to commit a crime -- since police have used toll crossing data to establish where someone is.

Meanwhile, over in the UK, an investigation has found that the chips in the supposedly "fakeproof" e-passports are easily cloned, manipulated and passed through the checking machine -- which is especially worrisome given that 3,000 blank e-passports were stolen just last week. Of course, people have talked about the possibility of such hacks for years -- even before they were put in place -- to show how silly it was to think they were secure. And, of course, the best response comes from the UK gov't. After being presented with the fact that the chips can be changed or modified, the statement from the government was: "No one has yet been able to demonstrate that they are able to modify, change or alter data within the chip. If any data were to be changed, modified or altered it would be immediately obvious to the electronic reader." If you keep saying it, maybe you can pretend it's true.

In both cases, though, the striking thing is that these aren't "surprise" vulnerabilities. They should have been somewhat obvious to those who crafted these systems in the first place. Both are now working on "patches" to deal with the problems, but it's pretty difficult to completely patch a system that's so widespread -- and either way it will take some time. So why weren't these systems designed with better security in the first place?
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: automatic toll, e-passports, ez pass, fastpass, hacking, passports, security

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 13 Aug 2008 @ 3:48am

    Security in a different place

    At least some of the widely-used toll collection systems (e.g., the one's that use the EZ-Pass name in the US Northeast) knew from the beginning that the transponders could be cloned easily. Their security is elsewhere: They photograph the license plate and driver of every car. So, yes, you can drive around with a cloned pass - but eventually the original owner will complain, and there will be your car, plate, and photo providing evidence against you.

    Note that EZ-Pass requires that you use your pass with a single car/plate. Right now, they don't seem to do much with this, but I suspect that in the long run they'll go with automated license plate recognition, which is already a reasonably workable technology. Then they could instantly cross-check the transponder with the plate.

    You can come up with all sorts of variations on cloning, but they don't work out so well or are easy to counter. For example, you could build a device that listened for the passes being used as you approached a toll station and then just picked one and used it. That way, the any given person whose id you were using (a) would have only have one extra charge; (b) would have it at at time/place he expected to go. Of course, the system could easily spot multiple uses of the same id too close together. If you extend this to a "tumbler" system - record many id's over time and pick one at each toll station - you can probably keep going for a while, but eventually you're going to use an exhausted account, or one used 10 second before 100 miles away, or any of a variety of other things that will flag your car for a quick discussion with the police - at which point what you're doing is going to be pretty obvious.

    There are attacks on every system and there may be attacks on this one, but simple cloning is not a significant one.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.