FasTrak Toll Hacking: Dangerous Or Ridiculous?

From the original article on the "Dark Reading" website:

"A Black Hat researcher recently reverse-engineered the popular RFID-based FasTrak toll tag that some drivers in the San Francisco Bay Area affix to their windshields for pre-paying highway tolls, and discovered some gaping security holes that leave these transponders vulnerable to sniffing, cloning, and surreptitious tracking of a driver's comings and goings. Nate Lawson, principal with Root Labs, will demonstrate at Black Hat USA next month in Las Vegas what he found inside those toll tags (hint: no encryption), and he will release an open-source tool for users to protect their toll tags from abuse."

From the evaluation by Toll Roads News, which concludes that the charge is dubious:

"Dark Reading reports: 'Lawson is also researching whether malware could be planted on a FasTrak transponder.' That sentence makes us think this guy Lawson is an amateur. The only "research" needed to establish whether anything could be planted on the FasTrak transponder is a visit to the website of the manufacturer...

If you cloned someone else's transponder account number you might put some tolls on someone else's account for a month or so, until the account holder saw the anomalous toll charges. Once notified, all the toll authority would have to do to catch you would be to program the violation cameras to retain pictures of the transactions on that account number, and they'd have you for fraud."