NYC Is Tracking RFID Toll Collection Tags All Over the City 314
In the northeast U.S., most of the tolls people encounter when driving make use of a system called E-ZPass to let them pay the tolls electronically. Drivers are given small RFID transponders that are scanned in tollbooths, at which point the toll is automatically deducted from a pre-paid account. One hacker got curious whether the RFID tags were being scanned elsewhere, so he tweaked his E-ZPass to blink a light and make a noise every time it was read. He tested the streets of New York City, and wasn't surprised to see it light up in plenty of places where there were no tollbooths to be found. From the article:
"It’s part of Midtown in Motion, an initiative to feed information from lots of sensors into New York’s traffic management center. A spokesperson for the New York Department of Transportation, Scott Gastel, says the E-Z Pass readers are on highways across the city, and on streets in Manhattan, Brooklyn and Staten Island, and have been in use for years. The city uses the data from the readers to provide real-time traffic information, as for this tool. The DoT was not forthcoming about what exactly was read from the passes or how long geolocation information from the passes was kept. Notably, the fact that E-ZPasses will be used as a tracking device outside of toll payment, is not disclosed anywhere that I could see in the terms and conditions. When I talked to the E-ZPass Inter-agency Group — the umbrella association that oversees the use of the pay-toll-paying tags in 15 different states — it said New York is the only state that is employing this inventive re-use of the tags. ... 'If NYDOT can put up readers, says [the hacker], 'other agencies could as well.'"
Quick hardware hack (Score:4, Interesting)
Time to put your transponder into a flip-lid Faraday Cage [wikipedia.org] that springs open only when you require it, then closes by default.
Re:Quick hardware hack (Score:5, Interesting)
Interestingly enough, EZ-Pass devices installed in rental vehicles do EXACTLY this to allow the renter choice of whether to use EZ-Pass or normal tolls.
Re:Trending political procedures... (Score:4, Interesting)
You could actually use this the other way.
Remove the tag before you go do something naughty but keep it in your car other times.
Re:Were you expecting anything different (Score:5, Interesting)
Actually it probably has no identifying details at all... it's almost certainly just a serial number, and that's it. It may also have a checksum on the device that might be derivable via a one-way hash from personal information that the company has about you, but in general this would not be practical to try to reverse, Such a checksum id could potentially be used to verify at their end that the device was not a forgery.
The company that collects the data on the device has your identifying details and has recorded which device, by serial number, they assigned to you. Whenever they are scanning the device, all they need to do is look up its serial number in their database to get all of your identifying information that they have... unless somebody else had suitable access to that same database, they would not generally be able to identify who you were or anything else about you for that matter.
A third party could, however, potentially use the information even without access to said database to track where it was you were going... although as far as they are concerned, they'd be tracking some anonymous device, with no idea in general who actually has it... only knowing where it was detected by scanners.
Re:Trending political procedures... (Score:3, Interesting)
Future plans outside New York (Score:5, Interesting)
In Florida, we have a toll transponder system too. Recently waves of notices have been going out that the older style transponders are being deprecated for newer ones. I always thought that was kind of silly because the new style transponders are currently compatible with the existing system just like old ones are, so it's not really a "protocol" type change (I'm a software guy, not an EE, so there is likely some RFID stuff I don't know about).
The biggest change? The older transponders would beep when scanned, the newer ones no longer have that functionality. Sounds like perpetual tracking is coming to my state.
Houston went a step further (Score:2, Interesting)
In Houston, Tx, the city was tracking the RFID tags and using sensors all over the highways to generate real time traffic data, and openly said they were doing it. Of course there were privacy concerns, but they assured the citizens that it was strictly anonymous.
They went a step further and now use Post Oak's sensors to detect Bluetooth devices, using the repeated detection of MAC addresses to estimate traffic flow and speed.
http://traffic.houstontranstar.org/bluetooth/transtar_bluetooth.html