http://news.cnet.com/8301-1009_3-10009353-83.html



By Elinor Mills   

Security - News.com

August 6, 2008



LAS VEGAS -- Electronic toll systems like FasTrak and E-ZPass may be 

convenient for drivers, but they are rife with privacy risks, a security 

expert said Wednesday at the Black Hat 2008 security conference.



Strangers with the right transponder reader walking through a parking 

lot can steal the ID number off the transponders that are visible 

through the windshield, put the data on their devices and pass through 

bridge and other tolls for free, with the victim paying the bill, 

according to Nate Lawson, principal of security consultancy Root Labs.



The transponder ID, which lacks encryption, could be wiped and switched 

with that of a device from a different car used in a crime, such as for 

alibi purposes, he said.



The e-toll systems also pose a risk in that a driver's movements could 

be tracked in real time, and e-toll operators have already been served 

with subpoenas seeking customer information, Lawson said.



Although the ID is not personally identifiable, it can be linked in the 

back-end database to customer information like name, driver's license, 

and credit card number, he said.



[...]





_______________________________________________      

Attend Black Hat USA, August 2-7 in Las Vegas, 

the world's premier technical event for ICT security experts.

Featuring 40 hands-on training courses and 80 Briefings 

presentations with lots of new content and new tools.

Network with 4,000 delegates from 50 nations.  

Visit product displays by 30 top sponsors in 

a relaxed setting. http://www.blackhat.com



Received on Thu Aug 07 2008 - 02:46:41 PDT