
Black Hat 2008: FasTrak toll system completely broken - gaika
http://www.hackaday.com/2008/08/06/black-hat-2008-fastrak-toll-system-completely-broken/
======
feverishaaron
I lived on the same floor in the dorms as Nate Lawson. One time, we went into
his room and realized he left himself logged in as root, so we changed his
password, then taunted him about it over IRC as he frantically tried to pwn
his own computer. Good times.

/Geek

~~~
tptacek
To finish the story properly, you should note that he probably _did_ own his
own computer up: his first documented finding was in 1993, while he was at
CalPoly.

------
mechanical_fish
_Here's the really bad part: the transponders support unauthenticated over the
air upgrading. You can force any transponder to take on a new ID. An attacker
could overwrite every tag passing a certain intersection and cause havoc in
the toll system._

Unbelievable.

One thing, though:

_When a tag read fails now, the system takes a picture of your license plate
so a human can determine what account it belongs to. The system could be
updated to randomly take photos of cars that were reading correctly just to
make sure the ID belongs to the car pictured._

I would assume that this is happening: Every car that passes through a gate is
also being photographed, and that data is being kept for somewhere between 60
days and forever. If you rewrite your RFID tag with Arnold Schwarzenegger's
ID, there's a good chance you'll get busted if and when he complains, because
they'll look up the photos.

------
jrockway
It really scares me how poorly security is done. You'd think that when you are
designing a system that will be used by tens of millions of people every day,
you might factor in a few thousand bucks to pay some security firm to look
over your spec or design documents.

I guess this is what happens when the government is legally required to
contract out to the lowest bidder. Your tax dollars get wasted and your
personal information is compromised. Thanks for saving me $20, government.

------
drusenko
chris' fastrak was cloned and he was getting charged for crossing the bay
bridge ~10 times a day with over $250 in erroneous charges before he realized
it was happening. worst part is that he's had to bitch at fastrak for hours on
end, while they won't admit anything is wrong. he even tried to do a charge
back on AMEX, but fastrak mailed the bogus "documentation" to amex, so the
charge remains.

~~~
jamiequint
oh sorry, that was me, I owe chris one.

------
gibsonf1
This is definitely off-topic, but after reading that post and switching back
to normal mode on my monitor (black on white rather than the reverse), I was
unable to read anything because of the optic effect. It's true, I've been
coding all day and lack some sleep, but I think white on black is just not a
good thing.

~~~
LogicHoleFlaw
I browse with the Firefox Web Developer toolbar and the _Disable->Disable
Page Colors_ menu entry is a great way to kill obnoxious colors without losing
all the CSS styling on the page.

------
tptacek
Nate Lawson is bad ass. There's a TV segment somewhere out there with him
being interviewed, and a response segment from the vendors --- they're
flabbergasted. "There's no way to write to these devices! You can't hack
them!" These people didn't even _consider_ security.

