Turkish drivers faced an unsettling situation when the country's electronic toll collection application HGS was compromised in a cyberattack on December 10. Users received threatening messages demanding cryptocurrency payments, causing widespread concern among the millions who rely on the app for highway and bridge toll payments.
The National Post and Telegraph Directorate (PTT), which manages the HGS system, confirmed the breach but assured users that their personal data remained secure. Some app users reported receiving messages demanding $25,000 in Bitcoin, along with threats to leak personal information.
The technical root of the attack was traced to a vulnerability in the app's notification system. According to cybersecurity expert Onur Oktay, hackers gained unauthorized access through the API of OneSignal, a mobile push notification framework. A similar breach had targeted Anadolu Sigorta's mobile app just days before.
OneSignal CEO George Deglin clarified that the issue stemmed from compromised API keys rather than a vulnerability in their platform. "These apps may have misplaced their API keys in a location accessible to hackers," Deglin explained.
PTT responded swiftly by implementing technical measures to prevent further unauthorized access. The organization has also initiated legal proceedings in collaboration with authorities to investigate the cyberattack.
The HGS system, introduced in 2012, serves as a cornerstone of Turkey's highway infrastructure, processing millions of toll transactions daily through RFID technology. While the immediate threat appears contained, the incident raises questions about the security measures protecting widely-used public service applications in Turkey.
As investigations continue, PTT maintains that no sensitive information was compromised during the breach. However, users are advised to stay alert and report any suspicious activity related to their accounts.