automatic toll systems hackable…

At this point it shouldn’t be a surprise that various systems that shouldn’t be are quite easily hacked, but that doesn’t make it any less disturbing. Over at this years Black Hat event there was a demonstration of just how easy it is to hack the automatic toll devices used at most bridges and toll roads throughout the country. The stunning part is that it appears that the folks who created these transponders did almost nothing to keep them secure. They’re constantly broadcasting* and they include no encryption. And this is a device that often connects directly to a registered credit card. Sense a potential problem? The researchers who showed this pointed out that it wouldn’t be difficult for someone to clone your transponder and make you start paying for their tolls. Alternatively, it could be used to create an alibi for someone planning to commit a crime — since police have used toll crossing data to establish where someone is.

* leftystrat note:  to the best of my knowledge, a transponder does not transmit on its own.  It transmits only when activated by a specific transmitter, using that transmitter’s power.  They are generally passive devices.