I haven’t revealed all the details yet about my Blackhat talk on RFID toll pass security. One reason was I hoped to speak with Bay Area transit officials to alert them beforehand. The other reason is that I’ve still been analyzing the potential impact of the flaws I found.
Well, the results are in and it’s pretty serious. I’m reasonably certain an attacker can send a couple messages to a FasTrak transponder and wipe its internal ID. Also, the ID can be overwritten with a different one. There is a population of at least 1 million of these vulnerable transponders in California, sold over the past 15 years. They conduct 50 million transactions per year on Bay Area bridges. This does not include their use on southern California toll roads.
I think this is a big deal. If anyone reading this is responsible for engineering at FasTrak, please contact me. The messages I’ve sent via your website haven’t worked. Thanks.