In recent media statements on the benefits of purchasing an e-tag to pay Gauteng's controversial tolls, the South African National Road Agency Limited (Sanral) claims that unlike vehicle licence plates, which can be cloned to fool photographic tolling systems, electronic RFID tags cannot be cloned.
E-tag egotism
It is the kind of over-confidence that leads to grave security disasters.
This is an astonishing claim. It is the kind of over-confidence that leads to grave security disasters.
It is not trivial to clone a radio frequency identification (RFID) device, but it certainly can be done. Simple breaches read the signal from an RFID tag and simply copy it. This remains vulnerable to systems that implement sufficient security to recognise and verify the unique tag ID, but the benefit is that the hack is easy to perform. More sophisticated hacks clone the entire device, including its tag ID. These are almost impossible for a reading system like the e-toll gantries to identify and reject.
Although the RFID industry's Association for Automatic Identification and Mobility claims that full tag cloning requires a bulky reader that can easily be spotted by security staff, vehicles travelling past e-toll gantries are not inspected for such devices. Moreover, the form factor argument seems to have been overcome in this example of an open source passive RFID tag cloner for access control cards.
It's not like RFID security issues are anything new. Various systems have, over the years, proved vulnerable to hacking, as this article from Wired Magazine in 2006 illustrates. They include tags designed to pay for services such as fuel.
When Mythbusters, a show on the Discovery channel, proposed to test RFID for security, trackability, and reliability, matters got rather heavy, with big-gun lawyers from the financial industry leaning on the producers not to air the show. Here's Mythbuster Adam Savage describing that incident. If they were so confident that RFID tags could not be cloned, hacked, spoofed or otherwise subverted, one expects that they'd be proud to have renowned tech geeks like the Mythbusters have a crack at it.
The fears of the credit card industry are well-placed. Stories of cloned credit cards surface regularly, and staying a step ahead of the criminals who exploit vulnerabilities is a full-time occupation for even the most sophisticated experts in the financial industry.
It is true that the Sanral e-tags have several layers of security, including being matched to specific vehicle number plates and types. However, a group of activists known as the Opposition to Urban Tolling Alliance is already in court arguing that the system is so complex it is inconceivable that it could be administered effectively. Millions of registered vehicles will whizz past tolling gantries, paying as much as R10 million per day in tolls. The system would issue 840 000 invoices and 30 000 summonses per month, which would pose “insurmountable logistical problems”, the group claimed in interviews with the Saturday Star Motoring.
Even if these checks could be made consistently, however, and disputes settled efficiently, it is not inconceivable that more sophisticated fraud could succeed, as it frequently does against financial institutions.
In a world where millions of credit cards are subject to cloning, despite the extensive experience and high sophistication of the industry that produces them, for Sanral to claim e-tags will be immune is stupid, misleading, or both. Either way, it is the sort of pride that comes before a fall. A spectacular fall, if Johannesburg's billing crisis is any indicator.
