8/25/2023 0 Comments Txtag website![]() Unlike other TxTag accounts, it is not necessary to install a Tag. The Fleet Account is for organizations with a large number of fleet vehicles, and requires technical interfaces in order to establish an auto file exchange pursuant to a signed agreement with interface control document (ICD) specification terms. Commercial Accounts can be replenished either automatically or manually. If applicable, an owner or executive officer name, will also be requested.Ĭommercial Accounts must be pre-funded as specified in Attachment A, and are subject to fees as documented in Attachment B.Ĭommercial Accounts can have an unlimited number of active Tags. To establish a Commercial Account, you must provide your company or organization name, mailing address, phone number, email, and an authorized user. Registered TxTag Accounts can be replenished automatically or manually. Registered TxTag Accounts must be pre-funded, as specified in Attachment A, and are subject to fees as documented in Attachment B. You may register multiple vehicles under one registered TxTag Account. year, make, model, and license plate number and issuing state). We regret any customer inconvenience as we work to further enhance the security features of our site.To establish a Registered TxTag Account, you must provide your name, mailing address, phone number, and vehicle information (i.e. In an effort to improve security, TxTag has disabled the subject page and is working on enhancements. There were no breaches of security on the TxTag site and no customer information was accessed. ![]() “TxDOT is aware of the blog post and the described vulnerability. TxTag representatives have responded to our inquiry. The article will be updated if they respond to our inquiry.Īdditional details on the TxTag hack are available on David Longenecker’s website. We’ve reached out to TxTag to see if they can comment on the researcher’s claims. It’s uncertain if they’ve completely patched the security hole, but for the time being, when users access the Update AutoPay Methods page, they’re presented with a message that reads, “We are currently undergoing maintenance.” However, in an update posted on Monday, the expert revealed that the website underwent scheduled maintenance during the weekend. Longenecker has reported his findings to TxTag and the Texas Department of Transportation, but none of the organizations responded. The expert says there’s no evidence that the hacking method he uncovered has been used by cybercriminals, but considering how easy it is to pull of an attack, it wouldn’t be surprising if it has. “Having access to the account, one could access the account holder's personal information, license plates, makes and models of the registered vehicles, and credit card information one could also add additional vehicles for which tolls would be billed to the unsuspecting victim.” “Given a predictable account name and a list of high-frequency PINs, it would not take an attacker long to gain access to thousands of accounts,” Longenecker noted. Other common variants are “1111,” “0000” and “1212.” This means that it’s probably not difficult to guess a user’s PIN. Previous research has shown that most users will select “1234” when asked to choose a 4-digit PIN. To make matters worse, TxTag inexplicably stores the complete credit card number with expiration date as a hidden field on the Update AutoPay Methods page.” That in and of itself is a recipe for abuse. “Further, limits users to a 4-digit numeric PIN. Account holders may select a custom account name, but the original 8-digit TxTag number assigned to the account remains valid,” the researcher explained. “ uses predictable account names - an 8-digit number beginning with the number 2. The problem lies in the fact that TxTag accounts are only protected by a 4-digit PIN. There are around 1.2 million accounts on .Īccording to the expert, hackers could have easily gained access to names, mailing addresses, phone numbers, email addresses, credit card numbers and expiration dates. TxTag is the system that enables drivers to travel on toll roads throughout Texas without having to worry too much about paying the tolls. Last week, security researcher David Longenecker identified a vulnerability in the Texas Department of Transportation’s website that exposed users’ details, including their credit card data.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |