Transportation Hack 2.0: Flaw Found Calif.'s FasTrak System

A new transportation system hack is making headlines, this time in California's Bay Area. A security researcher says he's found a way to get around the community's FasTrak toll system without having to pay. The news comes just weeks after a group of MIT students discovered a flaw in Boston's subway system, setting off a legal battle over their rights to reveal the information.

This time, though, the details are out -- and there's no getting them back in. The hack, exposed at the Black Hat security conference by Root Labs' Nate Lawson, involves overwriting the unique ID number on a car's wireless transponder. The transponder is what communicates with the toll system to electronically pay a driver's fee. By overwriting the number, then, a hacker could use someone else's digits...and thus, someone else's dime.

Lawson says the transponders have no encryption -- the same issue raised with Boston's card-based system. In the FasTrak instance, the discovery goes directly against the company's past claims that the data is secure and protected.

Perhaps the most interesting twist, though: In contrast to the Boston case, where the Massachusetts Bay Transportation Authority met with the students and then tried to keep them quiet, Lawson indicated he couldn't even get through to anyone at FasTrak prior to his presentation.

"If anyone reading this is responsible for engineering at FasTrak, please contact me," he wrote in a blog published one day before his talk. "The messages I've sent via your website haven't worked," he said.

The Bay Area Metropolitan Transport Commission has since responded, telling ABC News its system is secure but saying it is "looking into" Lawson's findings.

Comments

Post a comment Post a comment

0 / 1000 max characters