Feeds

Hack ushers in the insatiable toll booth

The FasTrak to fraud and empty accounts

Boost IT visibility and business value

Black Hat A widely used device for paying traffic tolls electronically is vulnerable to tampering that could create trouble for those who use it, a researcher said Wednesday.

The FasTrak transponder uses radio frequency identification (RFID) technology to communicate with reader devices located at toll booths. Motorists use the devices to debit money from pre-established accounts so they don't have to wait in line to pay by cash. About 1 million of the devices are in use in California, according to a recent news report.

It turns out the FasTrak unit broadcasts its unique identification in the clear, allowing anyone who may be eavesdropping on the session to copy the ID and create cloned devices. Attackers could carry a simple hand-held device through a parking lot to sweep up large numbers of IDs and then sell counterfeited transponders. People whose devices were cloned would have no idea until they received bills for tolls they never authorized.

"It charges tolls to other people's accounts," said Nate Lawson, principal with security consulting firm Root Labs, who presented his findings at the Black Hat security conference in Las Vegas. "If you've read the ID from someone else and replay it, you're basically them and they get charged."

What's more, the FasTrak has an update mechanism that can get triggered without authentication. That allows attackers with simple equipment to reprogram the ID of devices belonging to other people.

The defects could be used to create chaos for the government agencies that rely on the transponder. Using ad-hoc devices placed at the side of a highway, miscreants could resign IDs for hundreds of thousands of devices. The attack would cause millions of dollars in uncollected tolls and replacement fees.

The design could also allow for other types of mischief. For instance, a person could carry out an "alibi attack" by writing his ID to someone else's device. When that person crossed a toll bridge, FasTrak records would show it was the attacker, not the victim, who took the trip, allowing the attacker to create a false alibi.

Lawson carried out his research by dissecting two transponders. Older models allowed him to easily access the firmware and all the data it stores. Newer models contain a "lockbit" that prevents access to the firmware, but with the help of fellow researcher Chris Tarnovsky, Lawson was also able to circumvent the measure.

So far, Lawson has had trouble getting the agencies that use FasTrak to respond to his research. He has not yet contacted Sirit Technologies, the manufacturer of the transponder. ®

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
Microsoft: We plan to CLEAN UP this here Windows Store town
Paid-for apps that provide free downloads? Really
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Hear ye, young cyber warriors of the realm: GCHQ wants you
Get involved, get a job and then never discuss work ever again
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?