CA toll system hacked.. Options

[impala454]

Ok "hacked" is a very very loose term... considering there's zero encryption to begin with!
http://www.hackaday.com/2008/08/06/black-h...pletely-broken/

FasTrak is the electronic toll collection system used by the state of California. Motorists can purchase a toll transponder for ~$26 and link the serial number with a debit account to have their tolls deducted automatically. Today at Black Hat in Las Vegas, security researcher [Nate Lawson] presented not just the privacy problems with FasTrak, but why absolutely no transaction from the tag should be trusted.
...
he transponders and readers perform no authentication. Someone could wander through a parking lot with an RFID reader and pick up the ID of every tag in the lot. They could then write their own transponder with the stolen IDs. Here's the really bad part: the transponders support unauthenticated over the air upgrading. You can force any transponder to take on a new ID. An attacker could overwrite every tag passing a certain intersection and cause havoc in the toll system. Some have suggested that there are IDs in the system that are unbilled, since they're assigned to administrators; these would be especially attractive to thieves.

pretty crazy though. although I wouldn't put my toll tag (~$10-15/month) as some critical thing. not to mention if/when it was found out the ID was stolen, combined with the fact that a camera can snap pictures of your car as it passes through, it'd probably be pretty easy to catch someone using a stolen ID. Or at the very least simply turn off the stolen ID.

[chook]

Most hackes want to cause mayham and such, is where the problem is.