Hackaday Prize Entry: Controling E-ZPass

You can drive from Boston to Chicago without picking up a single ticket from a toll booth, or handing money to a single toll booth worker. You can do this because of E-ZPass, a small plastic brick mounted in most cars in the Northeast United States. The E-ZPass contains an RFID transponder linked to your checking account. Yes, it’s convenient, and yes, it is a way for the government to track your movements remotely without your knowledge.

For his Hackaday Prize entry, [Jordan] is peering into that suspicious white box on his dashboard and adding notifications to his E-ZPass. He’s upgraded his E-ZPass with a little bit of circuitry to his to notify him when it is being scanned, whether it’s at a turnpike plaza or just driving three blocks through midtown Manhattan.

A notification system for the E-ZPass brick has been around for a few years now thanks to a talk by [Pukingmonkey] at DEF CON. Because of this simple circuit, we know the NYPD is collecting E-ZPass data of people driving around Manhattan. Why? Something something sovereign citizen or thereabouts.

[Jordan] is taking the E-ZPass notification system a bit farther than previous builds and adding a logging functionality with a small GPS module. Of course [Jordan]’s build will still have blinkey LEDs for notifying him when the E-ZPass is read, but by logging this data to an SD card, he’ll be able to play a road trip back on his computer and do a proper expense report. Security research while collecting expense data; it doesn’t get better than that.

The HackadayPrize2016 is Sponsored by:

37 thoughts on “Hackaday Prize Entry: Controling E-ZPass

      1. I wish they always shipped them in the bag, mine arrived with the bag stuffed in the envelope next to the tag and the account already had a toll charge on it from when the mail truck crossed a bridge!

    1. GPS is a receive-only system, you need to link it to a transmitter of some kind to track someone. OnStar is a cellular based system so is track-able just like a cell phone.
      Over here in the UK they have cameras linked to number plate recognition software, so they can track you without any hint of being read. I’d be surprised if something similar wasn’t available in the US.

      1. License plate cams are used in the US, and are very common. In my area, it is common to get ticketed the first of the month if the registration was not done on time. The system checks all license plates against the DMV database and signals the officer when a violation is found. You need do nothing else wrong, and there is no requirement for any other infraction or for the officer to even be aware of your vehicle prior to the system signalling.

        The systems have different advantages, such as cam’s can target vehicles even if there is no transponder, but the cam must be able to see the vehicle and license. Cell isn’t in all vehicles, and, in theory, requires interaction with outside agencies (provider and/or courts), though in practice this is bypassed. Cell based tracking can target over a large area, and be used to locate a vehicle with unknown location. EZpass has the advantage of the database belonging to a gov’t agency and having inexpensive readers, but the proximity issue is as bad, or worse, than for cameras, and not all vehicles have the device. I don’t see any real advantage to EZpass tracking over a cam other than sight issues as may happen in heavy traffic.

    2. I would say no, it’s not enough as seen from a paranoid crime fighting agency point of view. If you put yourself in the shoes of the FBI, you have 250 millions potential criminals you have to make a case against very quickly on the territory, so any signal counts. If it’s already collected, sorted and stored, it’s better. For example EZ-pass has a way smaller radius than a cell tower, and is backwards compared to the GPS (the EZ pass reader is fixed, while the GPS is roaming). Moreover, to build a case against someone, the more evidence you have, the stronger the case, if you have EZ pass and cell phone, it’s stronger than cell phone alone.

        1. Welcome to the exciting world of law enforcement, where everyone’s a suspect. Heck, there are so many laws in this country that you’re probably violating a few without even knowing it.

      1. Innocent until proven guilty. Yeah right…
        We let the DOJ continue this war against US by who we elect and then don’t bother to hold them accountable.
        “I have nothing to hide, so let them in” – Which is exactly why they shouldn’t be allowed in the first place.
        Never mind that every LEO is a human being just like you are and a badge and gun and an oath doesn’t make you super human and without fault in every way possible, it just gives you a thin blue union line to hide behind….

      2. I, for one TOTALLY love that the government is always tracking it’s every citizen, whoops I mean every “potential criminal” at all times and is logging their data to use secretly at their discretion. Man, doesn’t that just make you feel safe?

  1. Truck-based RFID transponders will notify them if they need to stop at certain weigh stations. Having seen these in action, it’s awfully cool. They use a red light, green light system to tell drivers they have to stop or are free to continue (without yet even having slowed down), saving fuel, time, and traffic jams/”safety issues” getting back on the highway.

    “When a vehicle approaches a weigh station, radio-frequency identification, or RFID, transponders communicate with an electronic reader on a boom over the road, which automatically scans the transponder and identifies the vehicle. After validating the truck to ensure compliance with state requirements, it sends a signal back to a second boom, which includes a green light to tell the driver to go ahead and bypass the facility.”

    Citation: http://www.truckinginfo.com/article/story/2015/01/bypassing-with-technology.aspx

  2. I understand these things are pinged to find the traffic density on heavy drive times and routes. Weather you like it or not, unless you cover it with a f(ing)-cage.
    Have a good time in Indiana.

  3. You don’t need a Faraday cage, a simple anti-static bag will do. If you have an E-ZPass account you can go to the “Vehicles and Tags -> Supplies” page and order a “read prevention bag” and they’ll send you one for free.

  4. You don’t need a Faraday cage. Just put your tag in an anti-static bag. Most E-ZPass member agencies ship a “read prevention bag” with each tag. You can get them free from your E-ZPass hosting agency, on e-zpassny.com you can order them from the “vehicles and tags -> supplies” page after logging in.

      1. I would like to see someone actually test that. What it takes to shield from ESD is considerably less than what it may take to read an RFID card. The RFID card shields are actual foil.

        I’m not saying that a silvery static shielding bag won’t work, I’m saying it needs to be tested.

        FYI, those pink “antistatic” bags won’t work. They are not even meant for shielding from static, they just don’t build up a charge.

  5. What about putting in an on/off switch to break the transmission even if it is energized. Then you can only turn it on when you know you’ll be going through toll gates.

  6. There is a fellow here in Silicon Valley that has one of those on each of his cars, plus the base station, when any of his fleet approaches the security gate, the gate opens.

  7. “The E-ZPass contains an RFID transponder linked to your checking account. Yes, it’s convenient, and yes, it is a way for the government to track your movements remotely without your knowledge.”

    So…once I give them my checking account, they sneak into my house at night and purge the memory of me having a RFID tag on my vehicle from my brain so that they can track me without me being aware of it?

    The tin-foil hat brigade is having a strong showing today I see.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.