Thursday, August 7, 2008

Tagged and tracked at the toll booth

Are you one of those folks who loves the convenience of zipping through the toll plaza with one of those electronic toll-paying systems like FasTrak or E-ZPass?

Then the folks at CNet have a little warning for you. That little convenience may provide a direct line to your bank account or your whereabouts on any given day. Since the electronic toll devices use Radio Frequency Identification (RFID) technology to broadcast information about your account, crooks with the propert technology can steal your information just as easily as the toll booth can receive it.

Strangers with the right transponder reader walking through a parking lot can steal the ID number off the transponders that are visible through the windshield, put the data on their devices and pass through bridge and other tolls for free, with the victim paying the bill, according to Nate Lawson, principal of security consultancy Root Labs.

In fact, your information can be implanted into somebody else's transponder, so that drawing from your bank account is as easy as driving around.

Even above-board uses offer a real danger. With your account linked to the toll-paying transponder, you leave an electronic record of your whereabouts every time you pass a toll plaza. That record can be accessed with a court order, making your movements an open book to your ex-spouse, a disgruntled plaintiff or the government.

As early as 2001, the San Francisco Chronicle reported:

Attorneys recently subpoenaed FasTrak information to identify a car involved in a hit-and-run accident on the Carquinez Bridge in Vallejo for a civil court case. In New York, detectives routinely peruse electronic toll data to track down suspects. And a Pennsylvania programmer recently stumbled across a security flaw that let him browse through thousands of records for a FasTrak-like system in the Northeast, letting him view names, addresses, account numbers and detailed logs noting every time a car breezed through a toll booth.

Nothing had changed by last year when the Oakland Tribune found that, "[A]s the number of cash-free bridge commuters rises, so do the ranks of divorce lawyers and other civil attorneys who have subpoenaed, and received, personal driving records from the agency that oversees the regional e-toll system."

Likewise, CBS reported at almost the same time that "E-ZPass and other electronic toll collection systems are emerging as a powerful means of proving infidelity. That's because when your spouse doesn't know where you've been, E-ZPass does." Only four of the twelve state participating in the East Coast's E-ZPass system restrict the release of records to criminal cases.

Of course, if you do get hauled into court, you might try arguing that wasn't you at the no-tell motel -- it was somebody who hacked your electronic toll account.

Do you find that reassuring?



Post a Comment

Links to this post:

Create a Link

<< Home