California's Wireless Road Tolls Easily Hackable 354
An anonymous reader writes "Nate Lawson, a researcher at RootLabs, has found a way to clone the wireless transponders used by the Bay Area FasTrak road toll system. This means you can copy the ID of another driver onto your own device and, as a result, travel for free while others foot the bill. Lawson also raises the interesting point of using the FasTrak system to create false alibis, by overwriting one's own ID onto another driver's device before committing a crime. Luckily, Lawson wasn't sued before he could reveal his research, unlike those pesky MIT students."
sounds familiar (Score:5, Informative)
Re: (Score:3, Interesting)
Hardly surprising for anybody in the business of computers and wireless devices.
If it's possible to hack - it will be hacked.
Another way to keep under the radar is to pay cash.
There are cameras at the toll booths, but they aren't a big problem for anybody with some simple skills.
Re:sounds familiar (Score:5, Interesting)
I'm waiting for anyone out there who doesn't like these systems to cause a little chaos.
Imagine grabbing the ID of the mayor as he drives by(pretty damn easy) then it's just a matter of wandering through a carpark programming every tag with a matching code.
Cameras at every toll booth (Score:5, Insightful)
And they can record license plates. I think this hack has little criminal viability. Anyone who used it extensively would be caught in short order. Though authorities might be willing to let the criminal conduct continue on until the criminal passed the felony threshold.
Re: (Score:2, Interesting)
Re:Cameras at every toll booth (Score:5, Informative)
Yep - that was my first thoughts too. Driving with an unreadable license plate, though, is grounds to get you pulled over anyway.
In case you didn't know, most toll booth places have:
Cameras front-mounted to take a picture of YOU or passengers...
Cameras in the back to take a picture of your plate...
Occasional cops sitting at the side of the road that are ready to pull you over.
It's academically interesting (and it should be) but not useful for the criminal. You can always simply drive through a checkpoint without an ez-pass, and most likely nothing will happen [nbc4.com] for a long time. Is it worth it? Nope.
Re: (Score:2)
How exactly do they plan to do that? Not everyone passing through their state lives there, or near enough to realistically expect them to sign up for EZ-Pass. Personally, I don't have it because, while I live in a state that does use EZ-Pass, I only go through the tolls perhaps twice a year.
Clearly, the states would much rather switch to all electronic tolls (
Re: (Score:2)
I live in MI. When I go to Toronto, I use the 407. They never have a problem sending me the bill in the mail. There are no booths at all that I've ever seen.
Re: (Score:3, Interesting)
Also, it'd be quite easy to switch to electronic tolls altogether. Everyone should get one (a transponder) to ke
Re: (Score:3, Informative)
On the other side...
I spent 5 months last year in Illinois (business trip that was extended too many times, but as a contractor either do it or go home and stop getting $$$).
There is a real need for cash lanes because of the out of towners, and rental car users.
Driving rental cars you have either:
1. No i-pass and must stop at ever toll booth and throw quarters
2. is a more expensive car with an i-pass, but then avis decides to charge you administrative fees if you use the i-pass (which results in me throwi
Re: (Score:2)
...but hey, I'm from the midwest...wtf are toll booths?
I'm guessing that you've never been to Illinois. "Welcome to Illinois! Pay toll."
Re: (Score:3, Funny)
Re:Cameras at every toll booth (Score:4, Informative)
I'm guessing that you've never been to Illinois. "Welcome to Illinois! Pay toll."
The only toll roads in the whole state are north of I-80. Of course, you guys up there think Illinois' southern border is I-80 anyway.
Uncyclopedia has a good article about our great state. [uncyclopedia.org]
E-Z pass users get the same rate and I-pass users (Score:2)
E-Z pass users get the same rate and I-pass users get E-Z pass rates as well. Also alot of People in WI and IN have I-pass / E-Z pass.
Now E-Z pass is the system to hack as many states use it.
Re: (Score:2)
You can avoid them there if you aren't afraid of a few traffic lights, too. The toll roads are much nicer, though paradoxically, speed is more strictly enforced.
Re: (Score:2)
Re: (Score:3, Informative)
funny, i drive from des moines iowa to raleigh north carloina several times a year, passing through illinois, indiana and ohio, and never once payed a toll.
all interstate driving too.
seems like you went the wrong way to me.
Re: (Score:2)
That wouldn't work for long. MOST people generally drive the same areas on a routine basis. And even those people that don't could be flagged for chase. Essentially, once someone has been identified as using a false or copied code, they can take pictures of the vehicle and post it for chase along with the code being used. There are a variety of ways an individual can be flagged and the only way to continue doing it is to change vehicles and codes frequently and that would become a burdensome crime to ma
Re: (Score:2, Insightful)
Re: (Score:2)
Re: (Score:2)
a brown lawn doesn't exactly conceal your identity last I checked.
And last time I checked, a license plate doesn't hold your identity.
Your drivers license holds your identity. Your license plate just says that the car is licensed to be on the public roadways.
Re: (Score:2)
and like a lightning bolt from a clear blue sky (thank you CS Lewis), the truth is revealed.
A lisc plate DOES NOT identify a person.
It is as stated above, merely a proof of right to be on public roads for the particular vehicle to which it is assigned.
Re: (Score:3, Informative)
I suppose a photo of the license plat alone would not be sufficient, but that's not how most places do it.
I once got a ticket from an automated red light camera in San Jose.
The picture, unfortunately, clearly showed not just my license plate, but my face.
Re: (Score:2)
Who modded this a Troll? I completely agree with it -- tickets for dirty license plates?
Re:Cameras at every toll booth (Score:5, Insightful)
I consider using the state-provided roads as a privilege, not a right, that requires your car to be identifiable by a valid licence plate.
If the plates are obscured, either by dirt or by purpose, isn't it reasonable to give a ticket to deter this?
Re:Cameras at every toll booth (Score:4, Insightful)
No more unreasonable than requiring people to wear their driver's license in a plastic badge holder while walking on public sidewalks. Papers, please.
It should certainly be illegal to use such a tactic to evade a toll. That said, if you are not breaking the law, the only thing they truly have a legitimate need to see is the little colored sticker that says whether your plate has expired or not. Other than that, their "need" to read the plate and identify you is nothing more than a figment of their power tripping imaginations.
Re:Cameras at every toll booth (Score:4, Interesting)
So you consider the use of licence plates for cars a slippery slope?
There is a very visible difference between taking a stroll on the sidewalk and controlling a several-ton metal hunk at high speeds.
I sort of agree with your sentiment, except that I percieve using a car on the road is a privilege, and strolling on the sidewalk a right.
Re:Cameras at every toll booth (Score:5, Insightful)
"I sort of agree with your sentiment, except that I percieve using a car on the road is a privilege"
I don't. We paid to put the roads there and everyone should be able to use them however the hell they want so long as they don't harm anyone.
I prefer to punish people AFTER they have done harm. Not before.
License plates, laws against drunk driving[1], justifying drug criminalization by claiming that drug use increases rates of crime, placing curfews on public parks etc. is all preemptive and it places a burden on an innocent society. There's no reason not to throw the book at someone who breaks the law but asking society to give up their freedom for the sake of reducing crime statistics is unfair. It costs tax dollars, gives the government a way to profit off of criminal behaviour (traffic fines) and regulation (licenses, vehicle registration etc.) and I don't think it actually does much in the way of achieving it's goal of preventing crime anyway.
[1] - I realize that's borderline trollish so I'll justify that: killing someone and violating traffic laws is already illegal. Why do we have to make it more illegal? Has all of this money spent - and made - by cracking down on drunk drivers actually reduced the number of dangerous drivers on the road ? What about sober drivers who are just as dangerous as people who are drunk ? In Ontario it's now illegal to drive with ANY ALCOHOL WHAT-SO-EVER in your system. You can not transport any alcohol that has been opened and any alcohol you do transport needs to be out of reach of the driver (ie: in the trunk). During peak holidays such as new years etc. they put up road blocks on every major road and stop every single car to smell the driver's breath. It punishes everyone for the mistakes of a few. It's getting extremely out of hand.
Re:Cameras at every toll booth (Score:5, Insightful)
Ok, to turn this around a bit. Can you tell me exactly which pieces of asphalt/concrete you have paid for?
As far as I'm concerned, all of it. We have tax on gas sale, income tax, sales tax, taxes on all vehicle purchases (new or used), driver's licenses, license plates, road tolls, traffic fines (which I'm against but we still pay them), parking fees (for publicly owned parking garages and meters etc.). All ways of giving money to the government for things like road upkeep. How they use it very much my business but I haven't personally investigated how my money was put to use.
Point being We ALL pay for public infrastructure in one way or another so we should all be able to use it to heart's content so long as we don't harm anyone. I don't see why it should be any more complicated than that.
Re:Cameras at every toll booth (Score:4, Informative)
Not only reasonable, sometimes it's the law. Any place where there is a lot of snow will typically have a few people pulled over for not clearing the snow from their bumpers to reveal their plate(s).
Re: (Score:2)
Happens every winter here in Norway so I recognize that. They are pretty nice when stopping cars, not giving a ticket unless it is obvious that the driver is negligent (ie, the windscreen is mostly covered in snow).
Re: (Score:3, Insightful)
I consider using the state-provided roads as a right, not a privilege, like those other things that the state has been authorized (by the people) to take my money to do.
When a private company builds its own damn roads, then it can be a privilege.
Re: (Score:3, Insightful)
I might have agreed with you until they use my tax dollars to pay for this "privilege." Which they effectively pry from my hands. No, I consider it a right. And it isn't state-provided, either... it's tax-payer-provided.
Re: (Score:2)
Do you suggest that everyone that does not have a licence, or has had it revoked, should still be able to use this privilege because they are paying taxes?
Re: (Score:3, Insightful)
Or more likely here in Anchorage, it is late spring and the snow is melting, which when mixed with all the sand that was used all winter long to provide traction on the snow and ice makes for a muddy mess. You simply *cannot* wash your car often enough to keep it clean during
Re: (Score:3, Interesting)
You can't opt out of paying for the roads. Therefore no, he shouldn't be banned.
If he runs someone over because he's drunk and kills them - toss him in an electric chair and be done with it. The next guy will think VERRRRRRY carefully - not about what BAC he's going to blow but if he's actually OK to drive safely. Some people can drive fine (or nearly enough) with a BAC above .10. Others have issues standing up unaided at or below .04. It varies per person. To make matters worse, studies have shown th
Re: (Score:2)
Driving with an obscured license plate is a traffic offense in every state, for reasons that should be obvious if you think about it for ten seconds.
Re:Cameras at every toll booth (Score:5, Funny)
Well, just rig up some sort of James Bond plate changing mechanism....where you can flip the plate, or just obscure it when going through the booth, then hit the switch, and set it to normal again.
I've been thinking of something like this for the stupid red light cameras they've been putting in down here in NOLA.
Back on the ez-pass system. For awhile I was having to cross the bridge across lake pontchartrain, and it was a toll bridge. I just don't like the idea of having a system track my movements, so I just paid cash...no toll tag for me. Sure, it costs a dollar more, but, worth it to me.
Re: (Score:2)
You do realize they usually take your picture when you pay cash too, right?
Re: (Score:2)
Why would they need to do that? I don't recall seeing any cameras at the toll booth when I handed the $3 or whatever it was to the attendant.
Even so, at least there is not a quick and easy way to find out when I was there on a computer like with the EZ passes....
Re: (Score:2, Interesting)
Re:Cameras at every toll booth (Score:5, Insightful)
"pretty foolproof"
Your kidding right? There have been many cases of the Red Light Companies moving sensors around to catch people who Hadn't run the red light. And the one time I got a ticket from this system, the plate was unreadable, the Dark 4 door sedan pictured didn't look anything like my white 2 seat convertible, and we (my car and I) were 800 miles away at the time on the time stamp.
-J
Re: (Score:2)
Just gotta love that. In addition, I've also heard of an automated speed camera sending a fine notice to a farmer for his antique tractor with a max speed of 8 kph - it said he was doing something in the high 80's with it.
The funny one I saw recently sent a ticket to a guy - the picture showed the car was in the process of being towed.
Of course, they're also throwing the ball back at you - you have to prove you're innocent, not the other way around.
Back on the wireless toll roads, my first thought was that
Re:Cameras at every toll booth (Score:5, Interesting)
As the other poster said, there have been cases where the private company running these cameras weren't making enough money, and shortened the yellow light, or even rigged the cameras to take pics while light was yellow, but, showing red on the ticket. Studies have shown that in a VERY high percentage of cases, if they extended the length of the yellow light at troublesome intersections, that the number of people running red lights almost dropped to near zero.
One of my other problems with the system here...was that the cameras aren't only taking pictures of light runners. They have still and full motion cameras...they showed a case of cars sitting there at a red, and a car going around the front one and running the light, all in full motion. That means the cameras are running all the time...I don't like that.
I'd heard that someone was bringing suit against them in that they are unconstitutional in the state of LA...in that they aren't on every intersection, and the law states something like there has to be equal enforcement on all LA roads,etc.
Re: (Score:2)
We had 2 intersections here in Fresno that had Red Light Cameras. The company that put them in had a hell of a marketing department and sold the city on the idea. FF 2 years and Fresno made them pull the cameras and take down the poles etc. The company lied about how much money it would bring in. People in Fresno knew the lights would catch them and basically stopped running it. You can't make money if no one breaks the law. Better a few jump through a yellowed/red and get caught by regular police than no o
Re:Cameras at every toll booth (Score:5, Insightful)
Re: (Score:3, Insightful)
Running thru a red light 10 seconds after it has turned red is one thing.
Running a red light because the city changing the time, shortening the yellow light, to catch more "red light runners" is bullshit.
http://www.motorists.org/blog/red-light-cameras/6-cities-that-were-caught-shortening-yellow-light-times-for-profit/ [motorists.org]
http://www.reason.com/blog/show/118879.html [reason.com]
Yes, people who blatantly run a red light are dangerous, but the solution isn't to setup red light cameras, and modify times to catch more people to g
Re:Cameras at every toll booth (Score:5, Insightful)
Um, no. Better no one doing it. Running reds isn't like going 10 mph over the speed limit. People die from that. A lot. It really shouldn't be about the income.
I'd say that depends on how long it's been red. If you mis-time a short yellow and are in the intersection when it turns red, that's not too dangerous. No more than driving 10mph over (which may be why the yellow light seemed so "short"). That's one problem with automatic ticketing systems - they can't put the incident in context very well.
Simple solution (Score:3, Interesting)
As a Dutchie, I'm completely stunned at the thought that any government will let privately owned companies run the traffic...
Re:Simple solution (Score:4, Insightful)
Maybe other democratic governments aren't quite as corrupt?
It's amazing to me that you can totally distrust your government to do anything right, yet think that private enterprise overseeing parts of your life is somehow better.
Okay, so less of your income is taxed. The flip side is that the company isn't accountable to anyone--you can't vote them out! And if they *are* accountable to someone... well guess what, it's probably to government oversight!
Re: (Score:3, Insightful)
As for your condemnation of the 'promote the general welfare' clause, I a
Re: (Score:2)
Tolled roads are very abnormal in Canada, but this one works reasonably well.
I first read that as "Trolled", silly me!
Re: (Score:2, Informative)
I'm also in Toronto and there are no demerit points attached to a dirty plate or a "407 proof" reflective plate cover so their toll cameras can't get see your plate. --at least I didn't lose any points when I was pulled for each of these reasons - in fact I didn't get a ticket for the dirty plate, I just had to clean it off right then and there. The reflective cover cost me a $103.75 fine though
Re: (Score:3, Insightful)
The only problem is that they probably started this system to cut on costs and cut out human error. I doubt they'll actually put in any protection or change the system, they'll just try to crack down on people that commercialize it like blueboxing and cable descramblers.
Re: (Score:2)
Re: (Score:2, Funny)
Can you get stopped for (Score:2)
leaving the new car plates on your car even after you get your real license plates?
Re: (Score:2)
Yes. The temporary tags are only good for so long, though that's creating some annoyance here because the state is taking longer to issue plates than what the tags are good for.
Re: (Score:2)
Re: (Score:3, Informative)
FasTrak is also used access the Express Lanes on Highway 91 [91expresslanes.com], a 10 mile stretch between Riverside & Orange counties. There are no toll booths, but apparently they have Cameras [91expresslanes.com] to track down violators.
Average highway speed on that road is easily 75mph+ on highway 91, so I bet the cameras are higher-speed then the regular cameras used on the Bay Bridge toll booth.
Re: (Score:3, Interesting)
Alibis? (Score:4, Informative)
You've got it the wrong way around - people won't use this to create alibis before committing a crime, they'll use it to establish evidence of the target being in a certain area at a certain time even though he swears he was elsewhere
At any rate, certain requirements have to be met before something can be introduced as evidence. I'm assuming most things (like this) would, by default, not constitute evidence anyway. Email (at least in this country) needs to be provided along with an audit trail before it's accepted as evidence
Re: (Score:2)
Stop, you're both right!
I would think false alibis are just as likely as framing.
As for evidence, I seem to remember hearing snippets on Off The Hook about this sort of data being used as evidence in the past.
Re: (Score:2, Interesting)
Even if this worked for an alabi like TFA implied, you could get into trouble real quick if you didn't know the final destination of the car. What? You te
Re: (Score:2)
That could be done by just inserting values in the database. No cloning required.
Article Text (Score:5, Informative)
Between the splash screen redirects and the ads, this article is nearly unreadable. Here's the text for those who don't want to put up with the crap.
----
Drivers using the automated FasTrak toll system on roads and bridges in California's Bay Area could be vulnerable to fraud, according to a computer security firm in Oakland, CA.
Despite previous reassurances about the security of the system, Nate Lawson of Root Labs claims that the unique identity numbers used to identify the FasTrak wireless transponders carried in cars can be copied or overwritten with relative ease.
This means that fraudsters could clone transponders, says Lawson, by copying the ID of another driver onto their device. As a result, they could travel for free while others unwittingly foot the bill. "It's trivial to clone a device," Lawson says. "In fact, I have several clones with my own ID already."
Lawson says that this also raises the possibility of using the FasTrak system to create false alibis, by overwriting one's own ID onto another driver's device before committing a crime. The toll system's logs would appear to show the perpetrator driving at another location when the crime was being committed, he says.
So far, the security flaws have only been verified in the FasTrak system, but other toll systems, like E-Z Pass and I-Pass, need to be looked at too, argues Lawson. "Every modern system requires a public security review to be sure there aren't different but related problems," he says. Indeed, in recent weeks, researchers announced flaws in another wireless identification system: the Mifare Classic chip, which is used by commuters on transport systems in many cities, including Boston and London. However, last week, the Massachusetts Bay Transportation Authority (MBTA) filed a lawsuit to prevent students at MIT from presenting an analysis of Boston's subway system.
The Bay Area Metropolitan Transport Commission (MTC), which oversees the FasTrak toll system, maintains that it is secure but says it is looking into Lawson's claims. "MTC is in contact with vendors who manufacture FasTrak lane equipment and devices to identify potential risks and corrective actions," says MTC spokesman Randy Rentschler. "We are also improving system monitoring in order to detect potentially fraudulent activity."
In the past, authorities have insisted that the FasTrak system uses encryption to secure data and that no personal details are stored on the device--just two unique, randomly assigned ID numbers. One of these is used to register the device when a customer purchases it, while the other acts as a unique identifier to let radio receivers at tolls detect cars as they pass by.
But when Lawson opened up a transponder, he found that there was no security protecting these IDs. The device uses two antennas, one to detect a request signal from the toll reader and another to transmit its ID so that it can be read, he says.
By copying the IDs of the readers, it was possible to activate the transponder to transmit its ID. This trick doesn't have to be carried out on the highway, Lawson notes, but could be achieved by walking through a parking lot and discreetly interrogating transponders.
What's more, despite previous claims that the devices are read only, Lawson found that IDs are actually stored on rewritable flash memory. "FasTrak is probably not aware of this, which is why I tried to get in touch with them," he says. It is possible to send messages to the device to overwrite someone's ID, either wiping it or replacing it with another ID, says Lawson.
"Access to a tag number does not provide the ability to access any other information," says MTC's Rentschler. "We also believe that significant effort would need to be invested in cloning tags." He adds, "If any fraudulent toll activity is detected on a customer's account, the existing toll-enforcement system can be used to identify and track down the perpetrator."
Lawson says that using each stolen ID just once would make it difficult to track
Re: (Score:3, Informative)
No ad-block (Score:2)
Sometimes corporate policy limits what one may do with their computer... yeah, I know, I should get back to work.
cameras / scanners (Score:4, Interesting)
Re: (Score:2)
and it's really easy to obscure your plate to side and overhead cameras. A very simple system is a frame with louvers that obscure it from side angles, can be made in anyone's garage with pop cans and is nearly invisible to cops driving behind you.
Re: (Score:3, Interesting)
I don't have the newspaper article on hand, but a couple years ago in Toronto, someone was avoiding tolls on the 407 (Ontario's only toll road). They put their license plate on hinges, and attached a piece of string to it that ran through the car to the front. A tug on the string, and the plate flipped up.
And he would have got away with it if it wasn't for those meddling-- well, Ontario Provincial Police doing a blitz on the highway specifically looking for speeders, dangerous drivers and toll-evaders.
Re: (Score:3, Interesting)
Where I live, it's common for thieves to steal license plates and slap them on their car before committing a crime. It raises far less attention than a car with no plates, and even if bystanders copy down the offending plate number, such information is useless.
Combine a stolen plate with a stolen ID, and it would be very difficult to track down a one-time offender disregarding something like facial recognition (drive through the tollbooth every day at 8 AM, though, and I'm sure they'd catch on pretty quickl
Re: (Score:2)
Re: (Score:3, Informative)
Any obvious physical means to obscure the license plate would be self-defeating.
Just get some polarizing film and put it over your license plate. Unless the cameras are head-on (which generally they're not) they're going to get a black rectangle where the license plate should be.
A 'clear' film would be much less likely to attract law enforcement attention than some kind of physical change.
I believe this kind of thing is illegal but then again if you're going to be using a cloned transmitter I don't see tha
colorado replacing toll booths with cameras (Score:2)
It's worse than that, Jim! (Score:3, Interesting)
It was suggested that the reading and reprogramming could be accomplished so quickly that one could set up an antenna near a busy highway and read IDs from vehicles while assigning them the ID of the previous vehicle.
This would result in a huge shuffling of IDs that would be a bureaucratic nightmare for the state and a huge pain for FastTrac's customers. The s
This is nothing new... (Score:3, Insightful)
Re: (Score:2)
So let me get this straight... (Score:2)
The transponder doesn't do challenge response, it just spews out an ID number when polled?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Nah, it's laziness.... (Score:2)
While it's true that passive RFID devices are notably short on power and computing capacity (and can be vulnerable to tricks like power-consumption analysis and direct physical probing to attack their encryption), the central reason most of these systems are poorly encrypted if at all is...
Cheapness, intellectual laziness, and garden-variety stupidity.
One CAN make these systems much more secure, but it requires cryptographic competence and the determination to do the job right. As Schneier says, crypto is h
No Authentication = Easy Crime (Score:4, Interesting)
When you have the ability to send the same data over and over again without any form of authentication or obfuscation - yes, it can be copied and used by anyone else.
There are ways to prevent this:
Use a rolling code, like my garage door, key fob, and online banking fob uses.
Use another form of authentication, like color of vehicle, plate number, or something else easily identifiable on the car.
These are about as secure as my Speedpass fob that I can use to purchase fuel and snacks at Mobil stations. If its stolen, anyone can use it.
Re: (Score:2)
Billing is an issue, though. You have to be in some kind of electronic payment system for that to work. If they have to spend $.42 to send you a $2 bill, they're not saving much over the fancy system.
But you're still right, though. Why not just register your tag with an electronic billing firm, that has permission to deduct the tolls from an account you fill for the purpose?
As former toll systems programmer... (Score:5, Informative)
California Schemin' (Score:3, Funny)
all the streets are free
and the highway's no pay
I've been for a drive
on a self-made freeway
My hacks will do the charm
Cuz I'm in L.A
California Schemin'
on a self-made freeway
Easily hackable, but a useless hack... (Score:5, Insightful)
Roll Eyes (Score:2, Insightful)
1. How many tolls will be stolen? Too few for anyone in the project to care. They will treat this like "ID theft" and the burden is on you.
2. How many people are going to want or actually *do* anything TFA suggests. It's a number very close to zero.
The same kind of thinking applies to most automated transit toll collecting system. No one that could do anything about these issues cares or would be foolish enough to waste budget on corner cases like this. It would be a huge political/professional liabili
If you know a hack, DON'T TELL anybody! Fool... (Score:2, Interesting)
If you know a hack, DON'T TELL anybody! Fool... Really. What's the point of holding a press conference to point out a way for techies to save money? If you have studied for years for skills to design, program, and build a device that can defeat the automatic removal of money from your bank account, then for goodness sake's, don't tell anybody. Use this knowledge discretely for the benefit for your family and your people.
Spend the money that you save on your children. Or have some childr
Anonymous clubs (Score:5, Interesting)
Perhaps this can be used to create privacy clubs, where they all travel on cloned cards and all share the bill. Their movements couldn't be tracked via this system as long as multiple people were using it.
I hope this wasn't posted already... I searched the thread for "Anonymous" and then felt kind of silly.
The New Rules (Score:2)
That's all that the Boston MTA has done with their stupid suit, and the stupid judge that initially went along with it. Now if you've done research that you feel deserves presentation, the target of your research gets no warning and no time to find a clueless judge. If you don't feel this is an improvement, let that Boston judge know about it.
Security by obscurity breakdown (Score:2)
Unfortunately, a lot of these systems have been based on the premise that end users either didn't have the technology or weren't sufficiently interested in hacking them. Most subway fare collection systems are the same way -- the manufacturer puts in some safeguards by storing data in a different way but it's all eventually hackable.
Security by obscurity only works until you can buy the technology your system is based on at Best Buy. Back in the '80s, when New York established EZPass, your garden variety ha
Free Burgers! (Score:2)
Well, eventually you'll pay with your life, but that's a different matter altogether.
Summary of Article (Score:3, Insightful)
This means you can copy the ID of another driver onto your own device and, as a result, travel for free while others foot the bill.
Interpretation:
This means that one can steal services electronically, committing a felony punishable by jail time, while at the same time greatly annoying fellow citizens whose id has been stolen.
Aren't all RFID systems intrinsecally vulnerable? (Score:2, Interesting)
Re: (Score:2)
Re: (Score:2)
I am in fact disappointed that we as Americans appear never to ever get it right first time! ...
We invented the modern computer and all that goes with it...
Right - Good thing that didn't need any revision after our first implementation.
Re: (Score:2)