California's Fastrack toll system can't be trusted?

FasTrak is an "electronic toll collection system" used in California. Once you set up an account, you get a transponder that simply debits your account balance whenever you pass through a toll booth. The system uses RFID technology to broadcast your account information to the toll booth receivers. According to Hack A Day, the system is anything but secure.

Among other problems, an attendee at the Black Hat 2008 conference in Las Vegas found that because the in-car transponders don't require any authentication, anyone with an RFID reader can get the unique ID from any car and then use that in their own transponder. Not only that, but you could also force any other transponder to take on a new ID because of the system's open over-the-air upgrading system.

To change the system would require legislative action since it's all defined by California laws, so Californians shouldn't expect a quick fix. Until -- and if -- a fix comes, we suppose the best that can be done is to make sure you scrutinize your FasTrak bill. And keep an eye out for guys kitted out like Star Trek yeomen wandering the park-and-ride commuter lots... Thanks for the tip, fabienne!

[Source: Hack A Day, Photo by JasonJT | Creative Commons 2.0]

Share This Photo X