FasTrak Hacked - Driving Home Privacy and Security Risks of RFID

Jul 15, 2008
Nicole A. Ozer

Page Media

ACLU of Northern CA

Dutch and British transit cards, California Senate ID cards, HID building access cards, some new generation credit cards, and now FasTrak.

What do they have in common?

They all use RFID technology and security researchers have shown that they all have glaring privacy and security risks.

Researcher Nate Lawson has discovered that FasTrak transponders are vulnerable to sniffing, cloning, and surreptitious tracking of a driver's comings and goings.

That is because the systems have no encryption or other technological protection measures to ensure that the information is not read by unauthorized readers or copied and cloned for misuse. Without protections, it is not just those toll booth and freeway sign readers that can track who you are and where you are going, but also that homegrown sniffer that Lawson plans to put up to collect information.

Lawson is amazed that "there has not already been widespread fraud, cloning, and selling of 'free transponders' that" were hacked and reprogrammed, he says. "There's nothing there technically to prevent it."

All it often takes to copy and clone RFID tags that lack adequate technological protections like robust encryption and authentication are some spare parts off the internet and some reason to want to do it- be it for monitoring and tracking, entering without authorization, or identity theft.

That is why the ACLU has been working for many years to ensure that state issued RFID-embedded documents have adequate protections to safeguard privacy, personal security, and public safety.

Please contact the Governor and urge him to sign our RFID legislation- SB 30 and SB 31.

For more information about RFID vulnerabilities and California legislation, please visit our RFID page here.