Operation Bootstrap

Web Operations, Culture, Security & Startups.

RFID Toll Passes at Risk (Big Surprise)

I just read this article from SecurityFocus about Nate Lawson’s Black Hat talk on a vulnerability in the FasTrak transponders used for tolls in the Bay Area. When I originally received my transponder many years ago I had some concerns – at the time RFID hacking was all over the news and the talk of US passports containing RFID tags was everyone’s concern. Much of my concern came from the ability to clone an RFID tag, which would make it possible to be someone else as you pass through the toll booth.

FasTrak, as well as other electronic toll systems, is used for more than just tolls in most cases. They are the pigment that flows through our interstate arteries, allowing traffic analysis so that you can check for traffic on your way home at night using Google Maps. I also have to believe that they are used by law enforcement to establish place and time of an individual or at least their vehicle.

What has always struck me is that FasTrak has never been concerned with the reliability of their transponders when it comes to toll collection. I’ve had numerous misses on mine as I drove through the toll plaza and had a dead battery in mine for months. When I called to have it replaced they told me not to worry about it – that after a certain number of misses they’ll automatically send a new one. They’re obviously not very concerned about the transponders’ functionality.

In all these cases they use license plate recognition to identify you. So I ask myself, why carry your transponder at all? It seems to me that by doing so you are simply participating in traffic analysis and allowing yourself to be located but are in no way risking a ticket or otherwise threatening the purpose for which you bought the transponder in the first place.

I would love to hear opinions on this.