Fri Aug 8, 2008 12:43AM EDT
Security researchers are finally getting around to telling us what we probably all should have guessed years ago: California's FasTrak system, the RFID tag technology used across the state to automatically pay tolls on bridges and toll roads, is hopelessly insecure.
How insecure? According to research published at Hackaday.com, there's no security at all in the devices. With little difficulty, anyone with RFID experience could "wander through a parking lot with an RFID reader and pick up the ID of every tag in the lot." But that's just the half of it: The FasTrak devices support "over the air upgrading," so that hacker could not only read your FasTrak ID, he could replace it with another ID on a whim.
The opportunity for annoying havoc is obvious: Clever hackers could set up a transponder at a busy intersection and replace or erase FasTrak ID tags en masse, causing huge headaches for billing systems and consumers alike. And of course, the Holy Grail is out there too: The hunt for "toll-free" IDs (such as those that might be used by highway management types), allowing anyone with the code to pass on any road or bridge, completely free of charge.
Proposed fixes include developing a mechanism for turning off the FasTrak circuitry when you aren't actively passing through a toll system, but I've got an even better one sitting on my dash: My FasTrak battery died years ago, but since the toll bridges scan your license plate whenever a car with a busted tag passes through, my account still gets billed normally, just as if my transponder was working. It's all the convenience without the insecurity, and California doesn't seem to care at all.
LINK: Black Hat 2008: FasTrak toll system completely broken
Is this issue restricted to this pass system in California or is the East Coast "EZPass" system also a concern?
1 Posted by rogueist on Thu Sep 3, 2009 8:49PM EDT
Wow, over the air upgradable? Who was the nebbish that thought of that blunder? Here in Florida they will bill you only if occasionally the sensors do not properly pick you up. Otherwise, if you let your battery die, they will issue you a ticket each time you go through.