On Tue, 2008-08-26 at 10:52 -0400, Matt Blaze wrote:
> On Aug 26, 2008, at 10:15, [EMAIL PROTECTED] wrote:
> > So, I believe, at least for E-Z Pass, the attack would have to include
> > cloning the license plate and pictures may still be available whenever
> > a victim realizes they have been charged for trips they did not take.
> I believe that's correct.  In fact, the plate recognition technology  
> they
> use seems to be good enough to make the transponder itself redundant.
> I know several people with E-Z Pass who disconnected the internal
> battery of their transponder (out of concern that there might be
> hidden readers around town that track vehicles at places other than
> toll gates).   Even with dead transponders, their accounts are still
> charged accurately when they pass toll gates.  (The sign displays "EZ  
> Pass
> not read" or some such thing, but the account is debited within a day
> or two anyway).

This is the same for the state-wide Texas tag, TxTag[1].  If your tag
doesn't register, or you disable or remove it, the toll system can still
accurately bill you based on your license plate and vehicle
registration.  If you're not in the TxTag system at all, they simply
mail you a bill.

[1] http://www.txtag.org/

Dustin D. Trammell
Security Researcher
BreakingPoint Systems, Inc.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to