California's Fastrak Toll System Tags Are Easily Hackable


Bad news for California drivers (me) who use Fastrak (me) to get past toll roads and bridges fast (me). Hackaday reports that security researcher Nate Lawson presented at the Black Hat conference in Vegas, demonstrating that the tags perform no authentication whatsoever, meaning a dude with a reader can go around a parking lot and read the IDs of every Fastrak transponder there. Even worse, there are unsecured over-the-air upgrades, so that same guy can overwrite tags at will, messing things up for everyone.

How do we fix this system? Here's the problem: the system is defined by California law. An update to the way things are done would take legislative action. [Nate] suggested one possible check that could be implemented to determine if the system was being exploited at this time: When a tag read fails now, the system takes a picture of your license plate so a human can determine what account it belongs to. The system could be updated to randomly take photos of cars that were reading correctly just to make sure the ID belongs to the car pictured.


And from the sound of it, it's pretty difficult to fix. [Hackaday]
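Here's the spot-check Lawson suggests, sketched as an added example (not code from Hackaday, Lawson, or the Fastrak system). The tag IDs, plates, account table and function names are all constructed for illustration, and the plate read from each photo is assumed to be already available. It also works out how the photo rate translates into the odds of catching a reused ID.

```python
import secrets

# Constructed sample data: tag ID -> plates registered to that account.
ACCOUNTS = {
    "TAG-0001": {"7ABC123"},
    "TAG-0002": {"4XYZ789", "5QRS456"},
}

# Constructed lane reads that all succeeded: (tag ID read, plate in the lane).
READS = [
    ("TAG-0001", "7ABC123"),
    ("TAG-0002", "5QRS456"),
    ("TAG-0001", "2BAD000"),  # valid ID, but on a car the account doesn't list
    ("TAG-0001", "2BAD000"),
]

def should_audit(rate_percent, rng=secrets.randbelow):
    """Choose reads unpredictably so the photo can't be anticipated."""
    return rng(100) < rate_percent

def audit(reads, accounts, rate_percent, rng=secrets.randbelow):
    """Photograph a random share of successful reads and flag plate mismatches."""
    flagged = []
    for tag_id, plate_in_photo in reads:
        if not should_audit(rate_percent, rng):
            continue  # no photo taken; the read is trusted, as it is today
        if plate_in_photo not in accounts.get(tag_id, set()):
            flagged.append((tag_id, plate_in_photo))
    return flagged

def chance_caught(rate_percent, uses):
    """Probability a mismatched ID is photographed at least once in `uses` trips."""
    return 1 - (1 - rate_percent / 100) ** uses

if __name__ == "__main__":
    print("flagged at 50% rate:", audit(READS, ACCOUNTS, 50))
    for trips in (1, 5, 20, 60):
        print(f"5% photo rate, {trips:>2} trips: {chance_caught(5, trips):.0%} caught")
```

Even a low photo rate adds up: the chance of never being photographed shrinks with every trip made on a mismatched ID.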


Navin R Johnson

We need federal legislation banning tolls!

Tolls are the single most inefficient way to collect a tax imaginable. They destroy the environment, cause traffic and accidents and are a general waste of money.

Citizens Against Tolls estimates it costs 13 cents to collect 35 cents. That's almost 40% of the money going to just collecting the money!

The executive director of tolls in NJ has a yearly compensation totaling $168,524. There are toll collectors making as much as $98,496 a year with overtime!!


Think of all the idling cars when you're going through the tolls on a holiday weekend. Think of the pollution and the waste of fuel.

I personally witnessed a motorcycle get hit at a toll plaza by a motorist who was probably digging for change.

So I say if someone can bring down the system with a hack, more power to them!