
Nate Lawson with Root Labs presented at Black Hat on some pretty interesting hacking. This quote is straight from his blog:
“I haven’t revealed all the details yet about my Blackhat talk on RFID toll pass security. One reason was I hoped to speak with Bay Area transit officials to alert them beforehand. The other reason is that I’ve still been analyzing the potential impact of the flaws I found.
Well, the results are in and it’s pretty serious. I’m reasonably certain an attacker can send a couple messages to a FasTrak transponder and wipe its internal ID. Also, the ID can be overwritten with a different one. There is a population of at least 1 million of these vulnerable transponders in California, sold over the past 15 years. They conduct 50 million transactions per year on Bay Area bridges. This does not include their use on southern California toll roads.
I think this is a big deal. If anyone reading this is responsible for engineering at FasTrak, please contact me. The messages I’ve sent via your website haven’t worked. Thanks.”
The idea of an attacker rewriting a transponder to carry a different ID is a pretty scary one. And it sounds like this is more an issue for FasTrak than for its customers. If the system can't validate that the ID it reads actually belongs to the account holder, then it sounds like they will be issuing free tolls and spending lots of money tracking all this down. Hopefully FasTrak can resolve that quickly.