Re: road toll transponder hacked
On Thu, Aug 28, 2008 at 06:03:14PM +0200, Stefan Kelm wrote:

> We've been helping the German "Toll Collect" system (as
> discussed in this thread as well) setting up and implementing
> their data privacy concept. This concept requires Toll Collect
> to delete almost any data after a certain (quite short, actually)

They (not Toll Collect, though) do a realtime query against a reasonably long list of license plates in some German states, I recall reading.

http://www.heise.de/newsticker/Hessische-Polizei-hat-seit-Maerz-eine-Million-Kfz-Kennzeichen-gescannt--/meldung/99197

> amount of time. Even with disk prices falling they save lots
> and lots of money (even compared to what we charged them for
> telling them... :-) ).

Given where things are headed in Germany, I guarantee you Toll Collect will be required by law to do data retention for at least a year or two in less than 5 years.

http://www.heise.de/newsticker/Debatte-um-Zugriff-auf-LKW-Mautdaten-fuer-Fahndungen-geht-weiter--/meldung/76321

-- 
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

- The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: road toll transponder hacked
> everything forever. With disk prices falling
> as they are, keeping everything is cheaper
> than careful selective deletion, that's for
> sure.

I disagree. We've been helping the German "Toll Collect" system (as discussed in this thread as well) setting up and implementing their data privacy concept. This concept requires Toll Collect to delete almost any data after a certain (quite short, actually) amount of time. Even with disk prices falling they save lots and lots of money (even compared to what we charged them for telling them... :-) ).

Cheers,

Stefan.

Symposium Wirtschaftsspionage
03.09.2008 KA/Ettlingen
http://www.symposium-wirtschaftsspionage.de/

--
Stefan Kelm
Security Consulting

Secorvo Security Consulting GmbH
Ettlinger Strasse 12-14, D-76137 Karlsruhe
Tel. +49 721 255171-304, Fax +49 721 255171-100
[EMAIL PROTECTED], http://www.secorvo.de/
PGP: 87AE E858 CCBC C3A2 E633 D139 B0D9 212B

Mannheim HRB 108319, Managing Director: Dirk Fox
Re: road toll transponder hacked
On Thu, 28 Aug 2008 17:55:57 +0200
Stefan Kelm <[EMAIL PROTECTED]> wrote:

> >> http://en.wikipedia.org/wiki/Toll_Collect is in operation in entire
> >> Germany. It does OCR on all license plates (also used for police
> >> purposes in realtime, despite initial vigorous denial) but
> >> currently is only used for truck toll.
> >>
> > How well does that actually work? There were many articles in RISKS
> > Digest about problems with the early deployment.
> 
> That's true wrt early deployment. Given that the Toll Collect
> system has been up and running since January 2005 it (technically)
> runs surprisingly well. They have improved tremendously and are
> likely to sell their technology to other European countries.
> 
I confess that from a privacy perspective, I'd prefer if it didn't work that well...

Thanks.

--Steve Bellovin, http://www.cs.columbia.edu/~smb
Re: road toll transponder hacked
>> http://en.wikipedia.org/wiki/Toll_Collect is in operation in entire
>> Germany. It does OCR on all license plates (also used for police
>> purposes in realtime, despite initial vigorous denial) but currently
>> is only used for truck toll.
>>
> How well does that actually work? There were many articles in RISKS
> Digest about problems with the early deployment.

That's true wrt early deployment. Given that the Toll Collect system has been up and running since January 2005 it (technically) runs surprisingly well. They have improved tremendously and are likely to sell their technology to other European countries.

Cheers,

Stefan.

Symposium Wirtschaftsspionage
03.09.2008 KA/Ettlingen
http://www.symposium-wirtschaftsspionage.de/

--
Stefan Kelm
Security Consulting

Secorvo Security Consulting GmbH
Ettlinger Strasse 12-14, D-76137 Karlsruhe
Tel. +49 721 255171-304, Fax +49 721 255171-100
[EMAIL PROTECTED], http://www.secorvo.de/
PGP: 87AE E858 CCBC C3A2 E633 D139 B0D9 212B

Mannheim HRB 108319, Managing Director: Dirk Fox
Re: road toll transponder hacked
Sherri Davidoff <[EMAIL PROTECTED]> writes:

> [EMAIL PROTECTED] wrote:
>> Look for general tracking to appear everywhere.

> Anonymous travel is dead. Even for subway riders who still use tokens
> and citizens that bicycle around town, the proliferation of cameras,
> facial recognition technology, biometrics and RFID tagging will render
> anonymity obsolete within a generation.

Cryptography affords an alternative. Cryptography enables untraceable persistent pseudonyms created and maintained via chains of anonymizing remailers and broadcast replies. In the nightmare scenario that you describe, untraceable nyms may be the only way that one can live as a responsible adult, rather than a subject of a nanny state.

-- 
StealthMonger <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>

-- stealthmail: Scripts to hide whether you're doing email, or when, or with whom.
mailto:[EMAIL PROTECTED]

Finger for key.
Re: road toll transponder hacked
On Thu, 28 Aug 2008 10:49:20 +0200
Eugen Leitl <[EMAIL PROTECTED]> wrote:

> On Wed, Aug 27, 2008 at 12:16:23PM -0400, Steven M. Bellovin wrote:
> 
> > Finally, the transponders may not matter much longer; OCR on license
> > plates is getting that good. As has already been mentioned, the 407
> > ETR road in Toronto already relies on this to some extent; it won't
> > be too much longer before the human assist is all but unneeded.
> 
> http://en.wikipedia.org/wiki/Toll_Collect is in operation in entire
> Germany. It does OCR on all license plates (also used for police
> purposes in realtime, despite initial vigorous denial) but currently
> is only used for truck toll.
> 
How well does that actually work? There were many articles in RISKS Digest about problems with the early deployment.

And -- turning the topic back to crypto -- is there a cryptographic solution to license plates? Put another way, what are the legitimate needs of various parties, and can these be satisfied in a privacy-preserving way? (Note: I do not regard "put a digital cash wallet in the transponder" as a solution to the license plate problem, since it doesn't handle the problem of toll evaders, people who aren't members of the system, and many other things that license plates are used for.)

--Steve Bellovin, http://www.cs.columbia.edu/~smb
Re: road toll transponder hacked
On Wed, Aug 27, 2008 at 12:16:23PM -0400, Steven M. Bellovin wrote:

> Finally, the transponders may not matter much longer; OCR on license
> plates is getting that good. As has already been mentioned, the 407
> ETR road in Toronto already relies on this to some extent; it won't be
> too much longer before the human assist is all but unneeded.

http://en.wikipedia.org/wiki/Toll_Collect is in operation in entire Germany. It does OCR on all license plates (also used for police purposes in realtime, despite initial vigorous denial) but currently is only used for truck toll.

-- 
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Re: road toll transponder hacked
On 27 aug, Steven M. Bellovin wrote:

> Finally, the transponders may not matter much longer; OCR on license
> plates is getting that good. As has already been mentioned, the 407
> ETR road in Toronto already relies on this to some extent; it won't be
> too much longer before the human assist is all but unneeded.

We are already there. The London congestion charges are as far as I know completely based on OCR. The same goes for the congestion charge in Stockholm. In Stockholm they initially gave out transponders but they have stopped doing that, probably because the OCR technology is good enough.

I think that the primary reason they are going for systems like that is that it is much cheaper to install and run than distributing a lot of transponders or building and staffing toll-booths. The tracking capabilities are merely an added bonus.

In Göteborg they have a system with cameras which looks at license plates at different locations and through that measures how long it takes to drive certain routes. This system is still under construction but there are some information billboards where they show the current driving time to various targets. They say that they mask out the last digit of the plate and destroy the information after a short while, but who knows.

/MaF

-- 
Martin Forssen <[EMAIL PROTECTED]>
Development Manager Phone: +46 31 7744361
AppGate Network Security AB
Re: road toll transponder hacked
>> The relationship to this list may then be thin
>> excepting that the collection and handling of
>> such data remains of substantial interest.
>
>Actually, it points to cash settlement of road tolls.

That's not unknown. On the Niagara Falls toll bridges, they have an ETC system where you buy your transponder for cash at a toll booth and refill it with cash. I suppose they could take your picture and link it to your license plate, but they can do that if you throw quarters into the bin, too.

R's,
John
Re: road toll transponder hacked
"Steven M. Bellovin" writes, in part:
-+---
 | There's a limit to how far they can go with that, because of the fear
 | of people abandoning the transponders.
 |
 | As for usage-based driving -- the first question is the political will
 | to do so.
 |
 | Finally, the transponders may not matter much longer; OCR on license
 | plates is getting that good.
 |

I don't think whether it is a transponder or not actually matters, Steve, since, as you say, OCR of the license plates makes whether a transponder is in place totally irrelevant.

As to public resistance -- look at the revenue coming in to, say, Chicago from the red-light cameras and tell me that this won't spread. Similarly, per-mile road-use pricing will be all about revenue enhancement but it will be painted DHS-fairness-green ("So as to fairly fund the maintenance of this State's critical infrastructure, this Act converts the funding mechanisms over to a fairer road-use policy but, at the same time, it leaves in place the State gasoline tax, thereby penalizing the people who continue to drive gas guzzlers").

Which leads back to the recording of travel and the handling of those recordings. When New Jersey signed up with EZ-Pass it required the company involved to retain toll records for ten years (as an aid to law enforcement). Since that is the same company in lots of states even if it is called something else (like FastLane in Massachusetts), the rational thing for the company to do is to just keep everything forever. With disk prices falling as they are, keeping everything is cheaper than careful selective deletion, that's for sure.

--dan
Re: road toll transponder hacked
> Personally, I don't want to have a history of my travel stored in any
> database. Right now, purchasing a one-time CharlieTicket is a 30 cent
> surcharge per ride, but it is the only way to take the subway in Boston
> without creating a travel history. Privacy in public transportation
> should be equally accessible to all citizens, regardless of financial
> resources.

I suspect that you, as do I, pay for as many things in cash as humanly possible though, of course, we are well past the point at which paying for an airline ticket, say, in cash does anything more than make you even more inspected than you would be if you used credit.

That said, the 30c surcharge for having no record kept for riding the subway is at once a "price" for privacy that is at least expressed in the coin of the realm and, at the same time, not a guarantee, just a side effect. If the MBTA general manager were to say "For 30c more, we promise to forget you were a passenger" he would be out of a job in the morning at the Governor's demand and there'd be wide agitation against the idea that better off people get privacy when poor folks don't.

Do you suppose that we can, just possibly, make privacy into a class warfare issue? We sort of do that already in that the people who make privacy law, legislature and executive alike, are afforded precisely zero privacy by both the courts and the press. As such, one has to be a truly addled optimist to imagine that those who have no privacy are nevertheless willing to grant you more privacy than they have, unless they are somehow nostalgic for what they themselves lost in becoming a member of government. Me, I think that the loss of privacy required to become part of government is a sieve for not caring about such issues because, if you did care, you wouldn't go into government in the first place.

--dan
Re: road toll transponder hacked
On Wed, 27 Aug 2008 07:10:51 -0400
[EMAIL PROTECTED] wrote:

> 
> Bill Frantz writes, in part:
> -+--
> | In the San Francisco Bay Area, they are using the transponder codes
> | to measure how fast traffic is moving from place to place. They
> | post the times to various destinations on the electric signs when
> | there are no Amber alerts or other more important things to
> | display. It is quite convenient, and they promise they don't use it
> | to track people's trips.
> |
> 
> 
> Look for general tracking to appear everywhere.
> Fast declining gasoline tax revenues will be
> replaced with per-mile usage fees, i.e., every
> major road becomes a toll road. Most likely
> first in will be California and/or Oregon.
> 
> The relationship to this list may then be thin
> excepting that the collection and handling of
> such data remains of substantial interest. Of
> course, everyone who carries a cell phone has
> already decided that convenience trumps security,
> at least the kind of security that says "they
> can't misuse what they ain't got."
> 
There's a limit to how far they can go with that, because of the fear of people abandoning the transponders. For example -- they absolutely will not use it for automated speeding tickets on, say, the NJ Turnpike, because if they did people would stop using their EZPasses. Given what a high percentage of drivers use them, especially at rush hour, they make a significant improvement in throughput and safety at toll plazas. On congested roads, throughput is *extremely* important.

As for usage-based driving -- the first question is the political will to do so. In NYC, there's been tremendous resistance to things like tolls over the East River bridges or congestion charges for driving into much of Manhattan during the business day -- the Mayor tried very hard, but was unable to push it through the state legislature.

That said, I've seen some papers on how use of these transponders has desensitized people towards the actual tolls they pay, and hence to toll increases.

Finally, the transponders may not matter much longer; OCR on license plates is getting that good. As has already been mentioned, the 407 ETR road in Toronto already relies on this to some extent; it won't be too much longer before the human assist is all but unneeded.

--Steve Bellovin, http://www.cs.columbia.edu/~smb
Re: road toll transponder hacked
[EMAIL PROTECTED] wrote:
> Look for general tracking to appear everywhere.

Anonymous travel is dead. Even for subway riders who still use tokens and citizens that bicycle around town, the proliferation of cameras, facial recognition technology, biometrics and RFID tagging will render anonymity obsolete within a generation.

I believe the public's next battleground is to gain control over what *happens* to our data, and how it's used. Right now there is very little transparency. Transportation organizations are collecting a lot of information about people, and there is very little public input or disclosure regarding uses, length of storage time, or standards for securing this data.

Boston's MBTA, for example, does not consider the CharlieCard's serial number to be personal information, and it therefore reserves the right to store rider histories associated with each card *indefinitely*. Even when CharlieCards are obtained "anonymously" (not the majority) they can always be linked to the financial transactions DB which also stores the card serial number (i.e. if you even once pay with credit card, your CharlieCard is not anonymous any more). This isn't publicized; it's information I obtained by doggedly calling the MBTA's IT department.

I believe the public should have the following rights:

- The public should have regular input on how long personal data is stored and how it is managed.
- Disabled people and senior citizens should have access to the same level of privacy as everyone else. (Right now in Boston, they cannot obtain a CharlieCard without having their personal information associated with the card and permanently stored by the MBTA.)
- Transportation organizations should be required to publicly disclose what data is collected about individuals, and how long that data is stored.
- Individuals should be able to easily find out who has accessed their travel histories and the purpose of disclosure.
- Transportation organizations that store personal data should be subject to regular external audits to ensure that they are in compliance with standards, and that they have implemented appropriate measures to secure personal data. A summary of these results should be made public.

Personally, I don't want to have a history of my travel stored in any database. Right now, purchasing a one-time CharlieTicket is a 30 cent surcharge per ride, but it is the only way to take the subway in Boston without creating a travel history. Privacy in public transportation should be equally accessible to all citizens, regardless of financial resources.

Sherri

-- 
http://philosecurity.org
Re: road toll transponder hacked
On Aug 27, 2008, at 7:10 AM, [EMAIL PROTECTED] wrote:

> The relationship to this list may then be thin
> excepting that the collection and handling of
> such data remains of substantial interest.

Actually, it points to cash settlement of road tolls.

Most likely digital bearer transaction settlement, in the long run.

But y'all knew I'd say that, right?

:-)

Cheers,
RAH
Re: road toll transponder hacked
Bill Frantz writes, in part:
-+--
 | In the San Francisco Bay Area, they are using the transponder codes
 | to measure how fast traffic is moving from place to place. They
 | post the times to various destinations on the electric signs when
 | there are no Amber alerts or other more important things to
 | display. It is quite convenient, and they promise they don't use it
 | to track people's trips.
 |

Look for general tracking to appear everywhere. Fast declining gasoline tax revenues will be replaced with per-mile usage fees, i.e., every major road becomes a toll road. Most likely first in will be California and/or Oregon.

The relationship to this list may then be thin excepting that the collection and handling of such data remains of substantial interest. Of course, everyone who carries a cell phone has already decided that convenience trumps security, at least the kind of security that says "they can't misuse what they ain't got."

--dan
Re: road toll transponder hacked
[EMAIL PROTECTED] (Ken Buchanan) on Tuesday, August 26, 2008 wrote:

>I think this is a bit different than what Michael Heyman said. TxTag,
>IIRC, was implemented by the same company (Raytheon) that implemented
>the 407 ETR toll system in Toronto. In the case of the 407, there is
>no image recognition done if the car has a valid transponder. Only in
>the case of a missing or invalid transponder is the plate imagery
>used. Supposedly the OCR has a high enough error rate that there is
>still manual verification of plates before sending a bill, and
>accordingly a $3.60 additional charge is applied per trip.
>
>If the images are used even when the vehicle has a valid transponder
>-- as Michael Heyman suggests is happening with E-ZPass -- then it
>might be feasible to have back end defenses against cloning, though
>not without inconvenience to customers who borrow cars, buy new cars,
>or rent cars while their own is getting serviced. Also as Matt Blaze
>pointed out this makes the transponder wholly redundant.

I could see where knowing what the license plate should be, from the transponder code, could feed back into the OCR and only generate a hit when the disagreement was obvious.

In the San Francisco Bay Area, they are using the transponder codes to measure how fast traffic is moving from place to place. They post the times to various destinations on the electric signs when there are no Amber alerts or other more important things to display. It is quite convenient, and they promise they don't use it to track people's trips.

If one were paranoid, one could put a different ID into the transponder for each trip, and only put the one it was issued with into it for toll crossings. :-)

Cheers - Bill

---
Bill Frantz        | "We used to quip that "password" is the most common
408-356-8506       | password. Now it's 'password1.' Who said users haven't
www.periwinkle.com | learned anything about security?" -- Bruce Schneier
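The travel-time measurement that Bill describes for the Bay Area (transponder codes read at two points) and that Martin Forssen describes for Göteborg (plates read at two points, last digit masked, data destroyed after a short while) can be built so that the back end never holds an identifier longer than the matching window. The following is an added example, not the code of either system or of anyone in the thread. It masks the last plate character as the Göteborg description says, and, as an assumption that goes beyond what either poster describes, runs the masked plate through a keyed hash before it enters the pending table, so a leaked table reveals nothing without the key and a rotated key makes old tokens unlinkable. The camera names, plates, timestamps, key and 30-minute window are all constructed.

```python
"""Travel-time measurement from plate sightings with masking and short retention.

Added example (not the Göteborg or Bay Area system's code). A route is a pair
of cameras; a sighting at the upstream camera is remembered only as a keyed
hash of the masked plate plus a timestamp, matched when the same token shows
up downstream, and destroyed unmatched once the window expires. Only travel
times survive, never identifiers.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Sighting:
    camera: str   # camera id at one end of the route
    t: float      # seconds since a constructed epoch
    plate: str    # raw plate as read (a transponder code would serve the same way)


def mask_plate(plate: str) -> str:
    """Drop the last character, as the Göteborg system is described as doing."""
    return plate.upper().replace(" ", "")[:-1]


class TravelTimeMeter:
    def __init__(self, route: Tuple[str, str], ttl_seconds: float, key: bytes):
        self.upstream, self.downstream = route
        self.ttl = ttl_seconds
        self.key = key
        self.pending: Dict[str, float] = {}   # token -> time seen at upstream camera
        self.samples: List[float] = []        # travel times only, no identifiers

    def token(self, plate: str) -> str:
        # Keyed hash of the masked plate (assumption beyond the page's description).
        return hmac.new(self.key, mask_plate(plate).encode(), hashlib.sha256).hexdigest()

    def purge(self, now: float) -> int:
        """Destroy pending records older than the window; returns how many."""
        expired = [tok for tok, t0 in self.pending.items() if now - t0 > self.ttl]
        for tok in expired:
            del self.pending[tok]
        return len(expired)

    def observe(self, s: Sighting) -> Optional[float]:
        """Feed one sighting; returns a travel time when it completes a pair."""
        self.purge(s.t)
        tok = self.token(s.plate)
        if s.camera == self.upstream:
            self.pending[tok] = s.t
        elif s.camera == self.downstream:
            t0 = self.pending.pop(tok, None)
            if t0 is not None:
                self.samples.append(s.t - t0)
                return s.t - t0
        return None

    def current_travel_time(self) -> Optional[float]:
        return sum(self.samples) / len(self.samples) if self.samples else None


SAMPLE_SIGHTINGS = [  # constructed, in time order
    Sighting("A", 0.0, "ABC123"),
    Sighting("A", 10.0, "MNO555"),    # never reaches camera B
    Sighting("A", 30.0, "XYZ789"),
    Sighting("B", 600.0, "ABC 123"),  # spacing differs from the first read; token still matches
    Sighting("B", 690.0, "XYZ789"),
    Sighting("B", 2000.0, "QQQ000"),  # by now MNO555's record is past the window and is purged
]


def run_sample(ttl_seconds: float = 1800.0) -> TravelTimeMeter:
    meter = TravelTimeMeter(("A", "B"), ttl_seconds, key=b"daily-rotating-key (constructed)")
    for s in SAMPLE_SIGHTINGS:
        meter.observe(s)
    return meter


if __name__ == "__main__":
    m = run_sample()
    print("route A->B travel time: %.0f s" % m.current_travel_time())
    print("pending records after purge:", len(m.pending))
```

Masking the last character means plates that differ only there share a token, so a downstream sighting can occasionally be paired with the wrong upstream one; that loss of precision is the price of the masking and averages out over many samples, which is all a billboard needs. The purge runs on every sighting here; a real deployment would run it on a timer as well, so that a quiet road does not keep its last few records past the window.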
Re: road toll transponder hacked
On Tue, 2008-08-26 at 13:22 -0400, Ken Buchanan wrote:
> On Tue, Aug 26, 2008 at 11:56 AM, Dustin D. Trammell
> <[EMAIL PROTECTED]> wrote:
> > This is the same for the state-wide Texas tag, TxTag[1]. If your tag
> > doesn't register, or you disable or remove it, the toll system can still
> > accurately bill you based on your license plate and vehicle
> > registration. If you're not in the TxTag system at all, they simply
> > mail you a bill.
> 
> I think this is a bit different than what Michael Heyman said. TxTag,
> IIRC, was implemented by the same company (Raytheon) that implemented
> the 407 ETR toll system in Toronto. In the case of the 407, there is
> no image recognition done if the car has a valid transponder. Only in
> the case of a missing or invalid transponder is the plate imagery
> used. Supposedly the OCR has a high enough error rate that there is
> still manual verification of plates before sending a bill, and
> accordingly a $3.60 additional charge is applied per trip.
> 
> If the images are used even when the vehicle has a valid transponder
> -- as Michael Heyman suggests is happening with E-ZPass -- then it
> might be feasible to have back end defenses against cloning, though
> not without inconvenience to customers who borrow cars, buy new cars,
> or rent cars while their own is getting serviced. Also as Matt Blaze
> pointed out this makes the transponder wholly redundant.

I can confirm that they definitely use imagery even when a valid transponder is detected. A couple years or so ago I had to put my vehicle in the shop and use the wife's for a few days. I assumed that I could use my TxTag in her vehicle, and it would simply bill my account, however a couple of weeks later I received a bill for the tolls, billed to the owner of her vehicle at our address. When I called to inquire, they informed me that it did read the transponder, but mismatched with the plates. There was a grace period during which I could update the transponder to the new vehicle and avoid the fines, but as I would be getting my vehicle back in a few days, I opted to just order a second transponder for her car. They were kind enough to transfer the tolls to the new transponder and waive the fees.

-- 
Dustin D. Trammell
Security Researcher
BreakingPoint Systems, Inc.
Re: road toll transponder hacked
>> > So, I believe, at least for E-Z Pass, the attack would have to include
>> > cloning the license plate and pictures may still be available whenever
>> > a victim realizes they have been charged for trips they did not take.

The 407 toll road in Toronto uses entirely automated toll collection. They offer transponders (which, annoyingly, are the same system as NY's EZ-Pass but don't interoperate) for commuters and trucks, but for casual use by cars, it reads your plates and sends you a bill. I can report from experience that when I use it with my NY plates, I always get a bill a month or so later.

R's,
John
Re: road toll transponder hacked
On Tue, Aug 26, 2008 at 11:56 AM, Dustin D. Trammell <[EMAIL PROTECTED]> wrote:
> This is the same for the state-wide Texas tag, TxTag[1]. If your tag
> doesn't register, or you disable or remove it, the toll system can still
> accurately bill you based on your license plate and vehicle
> registration. If you're not in the TxTag system at all, they simply
> mail you a bill.

I think this is a bit different than what Michael Heyman said. TxTag, IIRC, was implemented by the same company (Raytheon) that implemented the 407 ETR toll system in Toronto. In the case of the 407, there is no image recognition done if the car has a valid transponder. Only in the case of a missing or invalid transponder is the plate imagery used. Supposedly the OCR has a high enough error rate that there is still manual verification of plates before sending a bill, and accordingly a $3.60 additional charge is applied per trip.

If the images are used even when the vehicle has a valid transponder -- as Michael Heyman suggests is happening with E-ZPass -- then it might be feasible to have back end defenses against cloning, though not without inconvenience to customers who borrow cars, buy new cars, or rent cars while their own is getting serviced. Also as Matt Blaze pointed out this makes the transponder wholly redundant.

Ken
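The back-end defence Ken describes here (compare the plate imagery against the account behind the transponder, accepting some inconvenience for people who switch cars), the refinement Bill Frantz suggests earlier in the thread (feed the expected plate into the OCR comparison and only raise a hit when the disagreement is obvious), and the behaviour Dustin Trammell reports from TxTag (tag read, plate mismatched, bill sent to the plate's owner with a grace period) fit together into one decision routine. The following is an added example, not code from any toll operator or from anyone in the thread. The OCR-confusable character groups, the similarity and confidence thresholds, and all accounts, plates and gantry events are constructed assumptions.

```python
"""Back-end cross-check of a read transponder ID against the plate the OCR saw.

Added example (not any toll operator's code). The account record says which
plate should be behind a given tag; the OCR reading is compared against it
with tolerance for common OCR confusions, so a tag travelling in a different
car is flagged while a slightly misread plate is not. Events with no usable
tag fall back to plate-only billing, as 407 ETR and TxTag are described doing.
"""
from dataclasses import dataclass
from difflib import SequenceMatcher
from typing import Dict, List, Optional

# Plate characters OCR commonly confuses (constructed list). Each group is
# folded to its first member before comparison, so "8" read for "B" is no mismatch.
CONFUSABLE = ("0O", "1I", "5S", "8B", "2Z")


def normalize(plate: str) -> str:
    """Upper-case, drop separators, fold confusable characters."""
    out = []
    for ch in plate.upper():
        if not ch.isalnum():
            continue
        for group in CONFUSABLE:
            if ch in group:
                ch = group[0]
                break
        out.append(ch)
    return "".join(out)


def plate_similarity(expected: str, observed: str) -> float:
    """1.0 = identical after folding; lower = more disagreement."""
    return SequenceMatcher(None, normalize(expected), normalize(observed)).ratio()


@dataclass
class GantryEvent:
    gantry: str
    tag_id: Optional[str]   # None when the reader saw no tag ("not read")
    ocr_plate: str          # what the camera's OCR produced
    ocr_confidence: float   # 0..1 as reported by the camera system


@dataclass
class Decision:
    bill_to: Optional[str]
    reason: str
    needs_review: bool = False


# Constructed sample data: tag -> (account, plate registered to that tag),
# and plate -> owner according to the vehicle registry.
ACCOUNTS = {"TAG-1001": ("account A", "ABC1234"), "TAG-2002": ("account B", "XYZ9876")}
PLATE_OWNERS = {normalize(p): o for p, o in
                {"ABC1234": "account A", "XYZ9876": "account B",
                 "JKL5555": "registry: J. Doe"}.items()}


def owner_of(plate: str) -> Optional[str]:
    return PLATE_OWNERS.get(normalize(plate))


def decide(ev: GantryEvent, match_threshold: float = 0.85, confident: float = 0.9) -> Decision:
    """Decide who is billed for one gantry passage and whether a human looks at it."""
    if ev.tag_id not in ACCOUNTS:
        # No valid tag: fall back to the plate alone.
        if ev.ocr_confidence < confident:
            return Decision(None, "no tag, low-confidence plate read", needs_review=True)
        owner = owner_of(ev.ocr_plate)
        if owner is None:
            return Decision(None, "no tag, plate not in registry", needs_review=True)
        return Decision(owner, "no tag: billed by plate")

    account, expected = ACCOUNTS[ev.tag_id]
    sim = plate_similarity(expected, ev.ocr_plate)
    if sim >= match_threshold:
        return Decision(account, f"tag and plate agree (similarity {sim:.2f})")
    if ev.ocr_confidence < confident:
        # Disagreement, but the camera itself is unsure: no hit yet, just a review.
        return Decision(account, "tag read, plate disagreement not obvious", needs_review=True)
    # Obvious disagreement on a confident read: bill the plate's owner and flag
    # the tag (cloned, or moved to a car it was never registered to).
    return Decision(owner_of(ev.ocr_plate), f"tag/plate mismatch (similarity {sim:.2f})",
                    needs_review=True)


def suspect_tags(events: List[GantryEvent], confident: float = 0.9) -> Dict[str, List[str]]:
    """Tags seen with more than one distinct, confidently read plate."""
    seen: Dict[str, Dict[str, str]] = {}
    for ev in events:
        if ev.tag_id in ACCOUNTS and ev.ocr_confidence >= confident:
            seen.setdefault(ev.tag_id, {}).setdefault(normalize(ev.ocr_plate), ev.ocr_plate)
    return {tag: sorted(plates.values()) for tag, plates in seen.items() if len(plates) > 1}


SAMPLE_EVENTS = [  # constructed
    GantryEvent("G1", "TAG-1001", "ABC1234", 0.97),   # normal passage
    GantryEvent("G2", "TAG-1001", "A8C 1234", 0.93),  # OCR read 8 for B: still a match
    GantryEvent("G3", "TAG-1001", "JKL5555", 0.96),   # tag in a different car: mismatch
    GantryEvent("G4", "TAG-1001", "JKL5S55", 0.60),   # camera unsure: review, no hit
    GantryEvent("G5", None, "XYZ9876", 0.95),         # tag not read: billed by plate
    GantryEvent("G6", None, "QQQ0000", 0.95),         # unknown plate: review
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev.gantry, decide(ev))
    print("suspect tags:", suspect_tags(SAMPLE_EVENTS))
```

The two thresholds are where the operator's trade-off lives: a lower match threshold tolerates worse OCR at the cost of missing clones whose plates happen to resemble the victim's, and a lower confidence bar raises more hits against people who simply borrowed a car, which is the inconvenience Ken points out. Feeding the expected plate in first, as Bill suggests, is what lets the confident-read check be strict without the OCR having to be perfect.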
Re: road toll transponder hacked
On Tue, 2008-08-26 at 10:52 -0400, Matt Blaze wrote:
> On Aug 26, 2008, at 10:15, [EMAIL PROTECTED] wrote:
> > So, I believe, at least for E-Z Pass, the attack would have to include
> > cloning the license plate and pictures may still be available whenever
> > a victim realizes they have been charged for trips they did not take.
> 
> I believe that's correct. In fact, the plate recognition technology
> they
> use seems to be good enough to make the transponder itself redundant.
> I know several people with E-Z Pass who disconnected the internal
> battery of their transponder (out of concern that there might be
> hidden readers around town that track vehicles at places other than
> toll gates). Even with dead transponders, their accounts are still
> charged accurately when they pass toll gates. (The sign displays "EZ
> Pass
> not read" or some such thing, but the account is debited within a day
> or two anyway).

This is the same for the state-wide Texas tag, TxTag[1]. If your tag doesn't register, or you disable or remove it, the toll system can still accurately bill you based on your license plate and vehicle registration. If you're not in the TxTag system at all, they simply mail you a bill.

[1] http://www.txtag.org/

-- 
Dustin D. Trammell
Security Researcher
BreakingPoint Systems, Inc.
Re: road toll transponder hacked
On Aug 26, 2008, at 10:15, [EMAIL PROTECTED] wrote:

> On Tue, Aug 26, 2008 at 9:24 AM, Perry E. Metzger <[EMAIL PROTECTED]> wrote:
>> http://www.technologyreview.com/Infotech/21301/?a=f
>
> From the article: "other toll systems, like E-Z Pass and I-Pass, need to be looked at too"
>
> A couple years ago I got a letter from E-Z Pass a few days after I used my transponder in my new car without registering my new car. They gave me a grace period to register before making me pay some sort of penalty.
>
> So, I believe, at least for E-Z Pass, the attack would have to include cloning the license plate and pictures may still be available whenever a victim realizes they have been charged for trips they did not take.

I believe that's correct. In fact, the plate recognition technology they use seems to be good enough to make the transponder itself redundant. I know several people with E-Z Pass who disconnected the internal battery of their transponder (out of concern that there might be hidden readers around town that track vehicles at places other than toll gates). Even with dead transponders, their accounts are still charged accurately when they pass toll gates. (The sign displays "EZ Pass not read" or some such thing, but the account is debited within a day or two anyway).

-matt
Re: road toll transponder hacked
On Tue, Aug 26, 2008 at 9:24 AM, Perry E. Metzger <[EMAIL PROTECTED]> wrote:
> Despite previous reassurances about the security of the system,
> Nate Lawson of Root Labs claims that the unique identity numbers
> used to identify the FasTrak wireless transponders carried in cars
> can be copied or overwritten with relative ease.
>

Nate hasn't disclosed details of the code that wirelessly overwrites a transponder's ID. The temptation would be too great for many to copy an annoying neighbour's transponder ID, and then drive through a busy mall parking lot cloning it onto every transponder in proximity.

As mentioned in the article, the vendors have claimed it was read-only, even though it uses flash memory (I guess technically they could cut the write line in manufacturing, but realistically that was highly unlikely even before Nate did this work). I would speculate that they just looked at the high level design, which didn't contain any specifications for features to write to memory, and decided that meant 'read-only'. In the meantime, the implementers don't see any harm in adding a few extra features *beyond* what is in the design (viz.: the overwrite code) especially where that might be useful for testing and diagnostics.

As an aside: Isn't it noteworthy how much less press this has gotten than the Boston subway hacks, even though it is (IMO) of much greater severity? There might be a lesson there for the Massachusetts Bay Transit Authority.

Ken
RE: road toll transponder hacked
On Tue, Aug 26, 2008 at 9:24 AM, Perry E. Metzger <[EMAIL PROTECTED]> wrote:
>
> http://www.technologyreview.com/Infotech/21301/?a=f
>

From the article: "other toll systems, like E-Z Pass and I-Pass, need to be looked at too"

A couple years ago I got a letter from E-Z Pass a few days after I used my transponder in my new car without registering my new car. They gave me a grace period to register before making me pay some sort of penalty.

So, I believe, at least for E-Z Pass, the attack would have to include cloning the license plate and pictures may still be available whenever a victim realizes they have been charged for trips they did not take.

-Michael Heyman
road toll transponder hacked
Drivers using the automated FasTrak toll system on roads and bridges in California's Bay Area could be vulnerable to fraud, according to a computer security firm in Oakland, CA. Despite previous reassurances about the security of the system, Nate Lawson of Root Labs claims that the unique identity numbers used to identify the FasTrak wireless transponders carried in cars can be copied or overwritten with relative ease.

http://www.technologyreview.com/Infotech/21301/?a=f

-- 
Perry E. Metzger [EMAIL PROTECTED]