A New Jersey man modified his E-Z Pass — a device used to automatically pay highway tolls — to alert him every time his it was being connected to by an outside source. He found it wasn’t just when passing through tolls that his device was being read.
The man going by the name Puking Monkey rigged a cow-shaped device to light up and make “moo” sound every time the E-Z Pass’ RFID card was read. The man recorded video of the device being read in non-toll areas and presented his findings at the hacking conference Defcon, which took place in August.
Here’s a look at how the device works, signaling the E-Z Pass was being read in a toll-less area in the Lincoln tunnel, which connects New York City and New Jersey:
“Anonymously driving your own vehicle is becoming unattainable with the proliferation of automatic license plate readers (ALPRs) now coming into wide-spread use. Combined with always-on electronic toll tags, smart phone traffic apps and even plain cell phones are adding to this problem. There is little public disclosure of this tracking and little legislation limiting the length of time data is retained, even if it is not involved in any investigation,” Puking Monkey’s abstract for his presentation at Defcon said.
See how the tag is read again when he is driving from New York City’s Times Square to Madison Square Garden:
Forbes looked into the issue even further last week (emphasis added):
A spokesperson for the New York Department of Transportation, Scott Gastel, says the E-Z Pass readers are on highways across the city, and on streets in Manhattan, Brooklyn and Staten Island, and have been in use for years. The city uses the data from the readers to provide real-time traffic information, as for this tool. The DoT was not forthcoming about what exactly was read from the passes or how long geolocation information from the passes was kept.
When I talked to the E-ZPass Inter-agency Group — the umbrella association that oversees the use of the pay-toll-paying tags in 15 different states — it said New York is the only state that is employing this inventive re-use of the tags. (That statement will be tested: Puking Monkey lent his hacked pass to a friend going on a road trip to see if it went off unexpectedly in any other states.)
Kashmir Hill for Forbes also pointed out that the use of an E-Z Pass as a tracking device — outside of its original use for paying tolls — is not included in the terms and conditions.
Speaking with the company that the city’s DOT is using to make the RFID tags, Hill learned they scramble information so drivers can not be identified when data is being collected.
“The tag ID is scrambled to make it anonymous. The scrambled ID is held in dynamic memory for several minutes to compare with other sightings from other readers strategically placed for the purpose of measuring travel times which are then averaged to develop an understanding of traffic conditions,” TransCore spokesperson Barbara Catlin told Forbes in an email. “Travel times are used to estimate average speeds for general traveler information and performance metrics. Tag sightings (reads) age off the system after several minutes or after they are paired and are not stored because they are of no value. Hence the system cannot identify the tag user and does not keep any record of the tag sightings.”
Still, Forbes reported Puking Monkey calling the practice at Defcon “intrusive and unsettling.”