On Wed, Aug 27, 2014 at 3:21 PM, Peter Trei <[email protected]> wrote:
> On 26 Aug 2014 21:28:49 -0000 "John Levine" <[email protected]> wrote:
>
> Subject: Re: [Cryptography] toll bills, was Encryption opinion
>
> >>> I've not been on any of those
> >>> roads, but I've gotten three e-mailed bills in the last two weeks
> >>> that to the unskeptical eye look fully legitimate, which also
> >>> indicates that the phishers know that my geolocation makes driving
> >>> such roads plausible.
>
> >> It's not geolocation, everyone is getting E-ZPass spam this month. I
> >> have an E-ZPass account, and can report that it looks nothing like the
> >> real mail they send, which just tells you to look at their web site
> >> for a statement or other message. This is aimed at the same kinds of
> >> suckers who fall for 419.
>
> >> I also got an actual e-mail this month from an actual toll road
> >> telling me about an actual charge due to actually driving on it. It
> >> was the 407 in Toronto, not E-ZPass, and I knew they'd be billing me
> >> so I set up an account so they'd e-mail me instead of the default
> >> paper bill, but still ...
>
> >> John
>
> >> PS: So is there any crypto on toll transponders, or could I
> >> skim them from the side of the road and make clones?
>
> Apparently some do, most don't. EZ Passes are made by
> Kapsch (Kapsch.net), which has data sheets available, and has
> made their protocols open source.
>
> You can easily modify one to inform you of when it's queried:
> http://www.popsci.com/article/diy/ezpass-hack-covert-scanning
"
Bear <[email protected]> Aug 28 (4 days ago)

I've got one. It's an envelope lined with copper foil. I get the pass
out when approaching a toll booth, and put it back (and put the 'chip
clip' back on the envelope to ensure that the foil makes good electrical
contact) as I pull away from the toll booth.

A toggle switch would be nice, but we can be fairly confident that a
Faraday cage is working as designed.

Bear.
"

> ...and it turns out they're queried all over the place, not just at
> tolls. There have been proposals for a 'kill switch' which would
> allow you to disable it except when approaching a toll, but I
> haven't seen that.
>
> But it's moot, anyway. Transponders are being replaced by
> license plate scanning. This is yet another case where we
> accepted something (permanently visible LPs) on the basis
> that no one could track every plate, everywhere, all the time.
> Technology moved on, and invalidated that promise of
> privacy-unless-they-really-really-need-to-violate-it.

So you need active defense of plate masks/obfuscation mechanics...
flip down blanking devices, character cards, mask films on a loop roll
motor, OLED plates. DIY 007. Drive masked, reveal as needed. Worst case,
you don't notice the cop car near you and get a paper ticket for no plate
or a hacked random nonspec plate. $100+... better than daily loss of
privacy to intersection/roadside cams, google robot cars, etc.

Next battle... killing all the manufacturer supplied transponders in
your car... Then your cell phone.
