Transportation Hack 2.0

Thursday, August 28th, 2008

PC World calls it Transportation Hack 2.0, but the flaw found in California’s FasTrak system is so simple, I’m not sure it’s even a “hack” to defeat it:

The hack, exposed at the Black Hat security conference by Root Labs’ Nate Lawson, involves overwriting the unique ID number on a car’s wireless transponder. The transponder is what communicates with the toll system to electronically pay a driver’s fee. By overwriting the number, then, a hacker could use someone else’s digits…and thus, someone else’s dime.

Lawson says the transponders have no encryption — the same issue raised with Boston’s card-based system. In the FasTrak instance, the discovery goes directly against the company’s past claims that the data is secure and protected.

Leave a Reply