I can't find details of his hack, but I am curious if his detector detects actual read events (when his device responds with its ID) or if it is just an RF power detector. Is there a link to a technical description?
His presentation is at https://www.defcon.org/html/links/dc-archives/dc-21-archive.... (The first section is on license plate readers. ezpass details start on slide 84. He starts with modifying his own ezpass to detect when it's being read then makes his own detector (slide 97) and runs it side by side with the pass. The new detector is much more sensitive and picks up being read basically everywhere.)
