Security experts warn that toll road transponders could be vulnerable to attack by digital thieves. Nate Lawson, founder of the computer security firm Root Labs, investigated what privacy protections the FasTrak transponders offered and was surprised to find there were none.
Each RFID transponder sends a unique identification code to scanners positioned at toll booths. A computer matches this code with payment information to collect the toll. It took Lawson just five days to figure out the internal software functions of the FasTrak transponder that he purchased for just US$26.00 at a local supermarket. He found that anybody could put together an inexpensive RFID scanner to read the ID code of any vehicle remotely.
California’s 511 uses scanners on the highway network to track the movement of motorists with toll transponders to monitor traffic flow. According to the Caltrans, the system tracks individual ID codes and stores movements for each car in a database for 24 hours. Lawson says that anyone with access to the database could track any vehicle after having scanned its ID code just once.
Lawson also described how the transponders could be reprogrammed with another code. Thieves could ‘clone’ somebody else’s transponder, leaving an innocent driver charged for trips made with the clone. He goes on to say this cloning means the technology could be used to create a fake alibi for a crime.
To address the problem, Lawson intends to create a privacy kit that would allow motorists to switch off their transponder when not in use. The plans for this kit would be made freely available on the internet.
Left: Is there security protection for FasTrak transponders?
August 13, 2008
Feb 21, 2017 09:52
Stockholm deploys Blip Systems’s Bluetooth-based traffic monitoring system