Security? What Security? Automatic Toll Systems And Passports Found Easily Hackable
from the security-as-an-afterthought dept
At this point it shouldn't be a surprise that various systems that shouldn't be are quite easily hacked, but that doesn't make it any less disturbing. Over at this years Black Hat event there was a demonstration of just how easy it is to hack the automatic toll devices used at most bridges and toll roads throughout the country. The stunning part is that it appears that the folks who created these transponders did almost nothing to keep them secure. They're constantly broadcasting and they include no encryption. And this is a device that often connects directly to a registered credit card. Sense a potential problem? The researchers who showed this pointed out that it wouldn't be difficult for someone to clone your transponder and make you start paying for their tolls. Alternatively, it could be used to create an alibi for someone planning to commit a crime -- since police have used toll crossing data to establish where someone is.Meanwhile, over in the UK, an investigation has found that the chips in the supposedly "fakeproof" e-passports are easily cloned, manipulated and passed through the checking machine -- which is especially worrisome given that 3,000 blank e-passports were stolen just last week. Of course, people have talked about the possibility of such hacks for years -- even before they were put in place -- to show how silly it was to think they were secure. And, of course, the best response comes from the UK gov't. After being presented with the fact that the chips can be changed or modified, the statement from the government was: "No one has yet been able to demonstrate that they are able to modify, change or alter data within the chip. If any data were to be changed, modified or altered it would be immediately obvious to the electronic reader." If you keep saying it, maybe you can pretend it's true.
In both cases, though, the striking thing is that these aren't "surprise" vulnerabilities. They should have been somewhat obvious to those who crafted these systems in the first place. Both are now working on "patches" to deal with the problems, but it's pretty difficult to completely patch a system that's so widespread -- and either way it will take some time. So why weren't these systems designed with better security in the first place?
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: automatic toll, e-passports, ez pass, fastpass, hacking, passports, security
Reader Comments
Subscribe: RSS
View by: Time | Thread
Q & A
answer: lowest bidder
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Did I miss some technological developement that only allows cars to be driven by their rightful owners? "Gee officer, even though I'm covered in blood, it couldn't have been me, my car... Uh, I mean *I* was across town at the time. Just check the toll records."
[ link to this | view in chronology ]
Re:
Maybe?
It's likely the toll information is used in conjunction with other evidence to lend weight. E.g. a witness says they saw someone who looked like X at location Y. Toll information backs this up.
[ link to this | view in chronology ]
Time to Market
[ link to this | view in chronology ]
further developments
[ link to this | view in chronology ]
Security in a different place
Note that EZ-Pass requires that you use your pass with a single car/plate. Right now, they don't seem to do much with this, but I suspect that in the long run they'll go with automated license plate recognition, which is already a reasonably workable technology. Then they could instantly cross-check the transponder with the plate.
You can come up with all sorts of variations on cloning, but they don't work out so well or are easy to counter. For example, you could build a device that listened for the passes being used as you approached a toll station and then just picked one and used it. That way, the any given person whose id you were using (a) would have only have one extra charge; (b) would have it at at time/place he expected to go. Of course, the system could easily spot multiple uses of the same id too close together. If you extend this to a "tumbler" system - record many id's over time and pick one at each toll station - you can probably keep going for a while, but eventually you're going to use an exhausted account, or one used 10 second before 100 miles away, or any of a variety of other things that will flag your car for a quick discussion with the police - at which point what you're doing is going to be pretty obvious.
There are attacks on every system and there may be attacks on this one, but simple cloning is not a significant one.
[ link to this | view in chronology ]
Re: Security in a different place
[ link to this | view in chronology ]