E-ZPass is a type of RFID device called an electronic toll collector (ETC). Instead of waiting in line at the toll booth while the driver ahead of you searches for loose change, you simply drive on through. A wireless transponder activates the ETC, reads the ID number and the transportation department debits your account. ETCs are currently available in 22 states, with more adding them every year. They’re popular and certainly convenient, but are they a threat to the user’s privacy? Most ETCs don’t give the user any indication when they’re being read, and at least one state has admitted to using ETCs for other purposes.
New York E-ZPasses Are Milked for Information
Last year a hardware hacker in New York going by the handle ‘Puking Monkey’ wired up his E-ZPass to trigger a signal light and mooing toy cow. The E-ZPass draws 8uA of power while at rest, but 0.3mA while being read. When the draw increased, the LEDs would light up and the cow would moo. He found multiple sites in and around NYC where the E-ZPass transponder was being read but there were no tolls.
When the media contacted the New York Department of Transportation, a spokesperson claimed the data was used to provide real-time traffic information, estimate travel times and reduce congestion. According to the E-ZPass Interagency Group, which oversees ETCs in 15 states, New York is the only state that has been using the passes outside of collecting tolls. It’s worth noting that some states have their own ETC systems and might also be using them to track motorists without their knowledge.
ETC Users Will Soon Be Able Rest Easy
Puking Monkey had to open his E-ZPass and do the wiring himself, but most ETC users don’t have the technical know-how to create their own alarm system. In many states, the user doesn’t own the ETC device and must return it if they leave the program.
But security-conscious ETC users will soon be able to purchase an off-the-shelf solution from BVS. We’re working on a new product that will let them know when their ETC is transmitting, without making alterations to the hardware.
Contact firstname.lastname@example.org for more information.
http://m.authorstream.com/presentation/pukingmonkey-1903125-road-less-surreptitiously-traveled/ (E-ZPass info starts on page 84)
- Stalking has never been easier so let’s change that - 02/08/2023
- This is why nobody is allowed a cell phone in classified debriefings - 11/18/2022
- Death of the VPN: A Security Eulogy - 08/24/2022
Leave a Reply
You must be logged in to post a comment.