[131642] in cryptography@c2.net mail archive
Re: road toll transponder hacked
daemon@ATHENA.MIT.EDU (Ken Buchanan)
Tue Aug 26 10:39:08 2008
Date: Tue, 26 Aug 2008 10:30:45 -0400
From: "Ken Buchanan" <ken.buchanan@gmail.com>
To: cryptography@metzdowd.com
In-Reply-To: <873akr7vv0.fsf@snark.cb.piermont.com>
On Tue, Aug 26, 2008 at 9:24 AM, Perry E. Metzger <perry@piermont.com> wrote:
> Despite previous reassurances about the security of the system,
> Nate Lawson of Root Labs claims that the unique identity numbers
> used to identify the FasTrak wireless transponders carried in cars
> can be copied or overwritten with relative ease.
>
Nate hasn't disclosed details of the code that wirelessly overwrites a
transponder's ID. The temptation would be too great for many to copy
an annoying neighbour's transponder ID, and then drive through a busy
mall parking lot cloning it onto every transponder in proximity.
As mentioned in the article, the vendors have claimed it was
read-only, even though it uses flash memory (I guess technically they
could cut the write line in manufacturing, but realistically that was
highly unlikely even before Nate did this work). I would speculate
that they just looked at the high level design, which didn't contain
any specifications for features to write to memory, and decided that
meant 'read-only'. In the meantime, the implementers don't see any
harm in adding a few extra features *beyond* what is in the design
(viz.: the overwrite code) especially where that might be useful for
testing and diagnostics.
As an aside: Isn't it noteworthy how much less press this has gotten
than the Boston subway hacks, even though it is (IMO) of much greater
severity? There might be a lesson there for the Massachussetts Bay
Transit Authority.
Ken
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
