Among other problems, an attendee at the Black Hat 2008 conference in Las Vegas found that because the in-car transponders don't require any authentication, anyone with an RFID reader can get the unique ID from any car and then use that in their own transponder. Not only that, but you could also force any other transponder to take on a new ID because of the system's open over-the-air upgrading system.
To change the system would require legislative action since it's all defined by California laws, so Californians shouldn't expect a quick fix. Until -- and if -- a fix comes, we suppose the best that can be done is to make sure you scrutinize your FasTrak bill. And keep an eye out for guys kitted out like Star Trek yeomen wandering the park-and-ride commuter lots... Thanks for the tip, fabienne!
[Source: Hack A Day, Photo by JasonJT | Creative Commons 2.0]