Slashdot Mirror
Hackers Get Free Parking In San Francisco
Hugh Pickens writes "PC World reports that at the Black Hat security conference this week, security researchers say that it is pretty easy for a technically savvy hacker to make a fake payment card that gives them unlimited free parking on San Francisco's smart parking meter system. 'It wasn't technically complicated and the fact that I can do it in three days means that other people are probably already doing it and probably taking advantage of it,' says Joe Grand. 'It seems like the system wasn't analyzed at all.' To figure out how the payment system worked, Grand hooked up an oscilloscope to a parking meter and monitored what happened when he used a genuine payment card. Grand discovered the cards aren't digitally signed, and the only authentication between the meter and card is a password sent from the former to the latter. Examining the meters themselves could yield additional vulnerabilities that might allow someone to conduct other kinds of attacks, such as propagating a virus from meter to meter via the smart cards or a meter minder's PDA."
Examining the meters themselves could yield additional vulnerabilities that might allow someone to conduct other kinds of attacks, such as propagating a virus from meter to meter via the smart cards or a meter minder's PDA."
I, for one, welcome our new parking meter botnet overlords.
Cool: http://www.google.com/search?hl=en&client=opera&rls=en&hs=AdW&ei=fN5ySvzFFYu4M7WW8LAM&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=Portable+Oscilloscope&spell=1/
The usual bureacratic solution in a case like this is to make it illegal to hook-up oscilloscopes to parking meters in San Francisco.
"It wasn't technically complicated and the fact that I can do it in three days means that other people are probably already doing it and probably taking advantage of it"
Is it just me, or is this like a nationally publicized "Hey guys, try this!" The article lacks the detail to replicate this guy's code, but the other methods he used are all there. Would it have been better to have a system with a few hackers taking advantage and skipping some parking fees, versus a now-comprimised system (or one that begs to be comprimised by publicity and the copy-cat nature of hackers and hacker upstarts) that may be rendered useless? Now there are 23000 meters in San Fran that may need to get new software..
While there may not be a way to prevent this, are you sure that it can't be detected? After all, it's your car with your license plate that's standing in front of such a fraudulently paid meter for hours. It's certainly better to build some security into the hardware, but this seems like an application where enforcement has a realistic chance of catching people who exploit the system.
Well, I RTFA, and I have to admit, I liked the hack, I only hope that they do fix it, otherwise it will always be employee's of the stores that have parking and people shopping will not have access to the stores.
I really do hate it when people hog a meter all day, paying for daily parking in certain towns is just way out of control.
Now if the hack is really as simple as presented in the 60+ page report, the black market for this is huge, selling 999.00 cards for $50.00 a pop, I know of at least 100 buyers, and if marketed correctly, the entire business district will be a net loss for those towns whom don't execute a plan quickly.
Before anyone talks about the 3 million in savings, Please note, that's just the theft that the meter people were pocketing. What should happen is that the long term savings should increase by the labor savings, please see past example of easy-pass toll system of NY & NJ, where within 2 weeks rush-hour was reduced by 25 to 50 minutes and toll takers were reduced by 1 or 2 people per exit.
if you see me, smile and say hello.
i wonder what kind of attacks would be possible after the city has replaced the meter software by software which actually uses a cryptographic method, like a challenge/response method between the meter and the card...
any ideas?
I'm not sure how normal that is in the bay area. To see some guy in a DeCSS tshirt hooking an O-scope to a parking meter.
Seriously, how did they achieve *that*? Flat ribbon cable between the card and the meter?
Non impediti ratione cogitationus.
For reference, Joe Grand is one of the members of the l0pht hacker group that were announced to be making a comeback [url=http://news.slashdot.org/story/09/07/26/167251/Hacker-Group-L0pht-Making-a-Comeback?art_pos=1]here[/url]
He was probably wearing a high-vis jacket and wearing heavy leather gloves. He'd have looked like an ordinary electrician. If anyone asks he was 'reparing' the meter.
It pays to be obvious, especially if you have a reputation for being subtle.
i read TFA and it says that they have a custom built shim in between the card and the reader.
Cool? I dunno, it's pretty simple really. Here's the C source code for the hack. Basically he's just programming a smart card with a value of $999.99, and then asking the meter for the password, which it seems more than happy to provide for some reason.
IOW, the meters are simply using security through obscurity, which is the same as no security at all.
My blog
If you click the second link in the summary your question will be answered...
He was probably wearing a high-vis jacket and wearing heavy leather gloves. He'd have looked like an ordinary electrician. If anyone asks he was 'reparing' the meter.
San Francisco may be different, but I'd imagine that in most cities, if someone was seen beating a parking meter with a baseball bat, people passing by would nod approvingly, or perhaps cheer.
In Monopoly just remember what is 10 spaces away from free parking (actually, in either direction). Something tells me that those who try this "Free Parking" trick may well end up rolling a pair of fives on their next move.
Do not pass go, do not collect $200.
Can't wait for the trends to start: half the populace will be covering them in WD-40 and sticking them up their ass, and the rest will be basing a new religion around them, tattooing sine waves onto their foreheads.
Indeed, that sort of social engineering is all about looking the part.
I once knew someone who was able to swipe an unused payphone in broad daylight at lunchtime on a busy strip with lots of outdoor seating. The trick? Navy blue pants, blue "repairman" style shirt, a tool bag, and looking like you are supposed to be doing what you are doing.
"Anyone who [rips a CD] is probably engaging in copyright infringement." - David O. Carson
The City of Tallahassee has those "smart" parking meters with smartcard readers. Of course, the City has never announced any plans to offer parking smartcards.
It would be useless. The City's parking enforcement staff do close to nothing, so meters are considered free parking.
Small town, not much to do in the evenin'.
"To get a closer look at the chips on the cards, researchers used acetone to remove the pastic surrounding them, put them in a small vial of heated fuming nitric acid, rinsed them in acetone and then placed them in a ceramic package for probing."
Err ,yeah, I do that sort of thing every day in my kitchen!
Lets be honest , "anyone" is a relative term here - anyone whos a whizz with low level logica gate analysis plus knows some chemistry and has access to occiliscopes etc may be able to do it - a normal office guy like me can't. Perhaps a bit too much false modesty on the part of the article author.
The headline makes it sound like hackers are routinely scamming the system, but there is no indication of this whatsoever in the article. It is improper of /. to impugn these guys when all they have done is demonstrate the vulnerability.
Having a hacked card is of no use if one cannot find a parking space. Most people who have attempted to park in SF know the time wasted finding a space is usually worth more than the cost of the parking.
Nevertheless, hacking the system is interesting.
-Todd
Omne ignotum pro magnifico.
of U.S. state and federal taxes? This question presumes the
U.S. has NOT collapsed.
Yours In Evasion,
Kilgore Trout
If it's just to keep people from staying in a space too long, there's no need to charge, just have a timer hooked up to a proximity sensor of some kind (maybe like the ones at traffic lights), which activates a camera.
The meter pays for the proximity sensor and the monitoring to exclude false positives.
Just have something people can swipe their credit cards
Credit card companies tend to charge a prohibitive percentage for small transactions.
The Mythbusters are located in San Francisco so I can only assume they are used to geeky types doing weird stuff
The best weapon of a dictatorship is secrecy, but the best weapon of a democracy should be the weapon of openness.
TFA, kiinda ludicrous.
First of all, how do you hook up an oscilloscope to a parking meter without disassembling it?
Then, what could you get from that that you could not get just by reading the card stripe with a $29 card reader?
One suspects this "black hat" just read a valid card on a card reader, swiped it in a parking meter, then re-read the card and noted the changes.
In any case, since it's unlikely that the parking meters are networked, all he had to do was clone a good card and he's set.
No oscilloscopes or trickery needed.
Back in the 90's in Berkeley (across the bay from SF) they had serious problems with people hacksawing the meters right off their posts and lobbing them into the bay. There is apparently more than one way to hack parking meters to get free parking.
So the hackers, having figured out how to rig the meters, set up their own meters at a few places in the city. With them they place large signs "Hacker Parking Only, Everyone Else $1,000,000". One day they notice a Porsche 959 pull up to the meter. A somewhat geeky looking man in his mid-50s gets out, looks at the sign, places a card in the meter, and it flips over to "2 hours paid". One of the hackers then walks up to the man and says "Hey, Bill Gates! I knew you started out as a hacker but I didn't know you still kept in the game!". And Gates says "What hack? I just paid the meter".
Compared to other things I've seen in the Bay Area, a guy with an o-scope attached to a parking meter would be pretty damn tame.
What?
When I geocache in downtown I just carry a metal folding clipboard and write notes if I need "cover" in an exposed area. Taking down (useless, made-up) numbers from a tape measure helped once when two guys were watching me too closely. :7)
I have read of some cachers who keep a high-vis yellow vest in their bag just for situations like this, and I myself once saw a guy wearing one go right into the edge of a construction zone to take tourist photos. (I could tell he probably wasn't employed by the site because he wandered from there right over to a gondola tied up in front of the local mall and shot off some pictures of it, and the flowers, and.... :7)
Why would anyone want to steal a pay phone?
And people wonder why California is going bankrupt?
I hope the "black-hat hackers" that are stealing city funds by not paying the parking meter also do not expect the state to also pay for things like health care.
A few people getting free parking is one thing, but giving out an instruction manual which may result in lots of revenue being taken away from the city is another.
Fixed that for ya.
It's not feasable to make every part of society completely bulletproof, societal trust is part of many areas of this. People keep the trust because they are supposed to and because it'd be a big hassle to do otherwise.
In a neighbourhood, one neighbour may have a shed she doesn't want you playing around in. She might tie it shut with a rope, use a padlock, or even an electronic lock, depending on how much she cares. None of this is meant as a challenge - untying the rope, picking the lock, or messing with the electronic lock are all within the capabilities of some people. It's not cute to say "Your lock was not good enough, that's why I was in your shed".
I've read 2600 for years (it's sometimes interesting when one can get past the juvenile attitude), and know people in the community. The standard preface of "I am just doing this for intellectual curiosity and do not laud nor do things like this" is more legal covering of asses than anything else. In some areas maybe we can't rely entirely on societal trust and it's accidentally helpful to have people prodding at these systems, but they're still a nuisance and I would not trust the community in general to use that knowledge responsibly. I've known too many people who have bad attitude towards society in general and who would take these things as far as they can for personal benefit.
Being clever is great. Being clever in ways that hurt society is not.
For every problem, there is at least one solution that is simple, neat, and wrong.
I usually buy the $5 cards, and pick up the cards people have throw away on the ground. If you break the card in half so the Chip is still on the one side, and the extruded side after inserting is not accessible. You can place the card in a meter and after about a minute the meter will go into an out of service mode, and makes the card hard to remove. In this out of service mode you can not get ticketed, since it is a broken meter. You may additionally place super glue on the card so the machine has to be taken apart to be fixed. I am waiting for someone to take out an entire street with this concept.
P.S. I found this out by mistake, and do not suggest legally anyone doing this.
"Crackers Get Free Parking In San Francisco"
Research or not, the powers that be don't take kindly to this kind of thing...
You don't want to end up like Captain Crunch. He got caught with a bunch of bogus BART cards (he says it was his housemates) and went to prison. His back was broken by other inmates and now he is forced to find strapping young men to assist him with his physical therapy.
That's for 1% of the population. The other 99% of passersby wouldn't give a shit (most not even noticing).
For example, you could spend ten minutes stealing a bike with a really good lock on a busy street corner in most major cities, and the most you'd probably get is pedestrians grumbling you're blocking the sidewalk.
- RG>
Hey pal, this isn't a pleasantforest, so don't waste my time with pleasantries!
And then you get "accidentally" shot because a police officer thought you were a terrorist and he thought you were reaching for a gun.
I'm not against what you are saying, but i'm just saying don't underestimate the stupidity of the police.
Hackers Get Free Parking In San Francisco
I thought they were just going to start letting us park for free because we're so cool.
When oscilloscopes are outlawed, only outlaws will have oscilloscopes.
Parking meters shouldn't have to be designed to be as secure as supermax prisons. The fact that you can hack a parking meter proves that you are an anti-social asshole with no understanding of the social contract, not that you're particularly clever.
People who call themselves "security researchers" and claim to be provding some sort of valuable social service with their stunts are full of self-serving crap. If I go down the street throwing rocks through windows, I'm not acting as a "window-glass researcher", and I'm not providing a valuable service to society.
Why don't you get a job doing something productive, like selling Big Macs? Or maybe learn to talk to girls?
Hell, you can virtually photocopy the stuff these days. If you're going to defraud people of goods and services, then you might as well go the universal route.
Deleted
Many businesses hate parking meters, it doesn't help their store, but it definitely keeps people from ever parking as they head off to a big box so they don't need to deal with the crap of a city nickel and diming them, as they have to consider a constantly running down meter, and the cost of even looking at one of our stores is higher than our competitor due to the meter, as well as the downtown it out of the way compared to a mall shopping plaza.
Many businesses including my own offer to pay for your ticket if you get one when you are in the store, its about the only thing we can do besides lobby the city to get them removed, which has been successful at some stores and has improved business. In other places we have a jar of nickels which we give away free for the meter (Nickels work best so people don't take too many) Meters cost us thousands of dollars a day and probably make the city 20 bucks after the cost of collections.
The real solution to the issues you presented are parking enforcers chalking tires, and towing cars that are parked for hours, a meter could actually keep a broken car on a street if people kept feeding it, (I have seen it) a chalker can just know its the same car that has been there all day and get it towed. It is just as effective at keeping spaces moving, but doesn't keep customers away. If there is a broken car in front of a store, you call the police and it gets removed.
Web Developers: Celebrate to our roots! Animated Gifs and Tiled Backgrounds, dont let our history die!
So?
I gotta say, if I were a taxpayer in San Francisco, a handful of guys getting free parking would be the least of my worries.
You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
Cool Hand Luke goes to Black Hat...
tomorrow who's gonna fuss
No one cares. And with the shim method, you can just sit in your car with the cables going through your window if you don't want to look like you are loitering. And yes it is very common for SF'ers to sit in the car on an empty meter for 'errands', even double parking for a few minutes.
from 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
to 45 2F 6E 40 3C DF 10 71 4E 41 DF AA 25 7D 31 3F
There are some "smart" parking meters in downtown LA. I watched a bum mess them up with a paper clip. He just put a paper clip in the slot, wiggled it around and then the meter read "Out of Service".
When i was in college in Savannah GA, we would scrape a penny perpendicular to the ground for a few seconds and flatten one side, then put it in the dime slot. It would give you maximum time on any meter in the city. Eventually we just got a pair of tin snips and cut hundreds of pennies and kept them in the car for parking.
Why not? I wouldn't mind having one as my landline.
from 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
to 45 2F 6E 40 3C DF 10 71 4E 41 DF AA 25 7D 31 3F
Better keep a lot of quarters around. :-)
You jest, but I don't think you'd need to put quarters in the payphone to make a call on a landline. That's all handled on the telco's end of the line; the pay phone just plays a special code to inform the telco that the proper amount of change was deposited.
You've got a live connection to the telco as soon as you pick up the handset: as evidenced by the fact that you can dial 911. Since the line is designated as a pay phone on the telco's end, their switching will wait until it gets the indication that you've paid for the call before it lets you dial any other number.
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
A lot of gangsters reading Slashdot today?
Yes that usually works, any place where it is an option our google listings make sure to mention "Free parking for two hours in public lot located 1/4th a mile east."
That definitely takes the sting off and people take advantage of it, so long as people googling can see there is an option for free parking they will be more likely to come.
We realize that the 1-2 dollars of a meter is a tiny fee, compared to the gas they spent to get here, but there is something psychological which makes a nickle for the meter sting more than anything else, which is why we try to foot the bill in any way we can, because a customer worth hundreds of dollars is worth 50 cents or at worst a 20 dollar ticket.
Some other people downtown like salons and dentists (who are also working to get the meters removed) offer to feed the meters for you while you wait, so long as you inform them where your car is parked and what car it is. Its a hassle, but again downtowns are fighting to survive, and the supercentermegamallcomplex is running strong as ever, with frankly a lot of benefits including convenient parking.
Web Developers: Celebrate to our roots! Animated Gifs and Tiled Backgrounds, dont let our history die!
'It seems like the system wasn't analyzed at all.'
Of course it wasn't. QA costs money and provides no tangible product. And QA departments are always asking for more resources with which to perform tests on. And QA always slows down release schedules by adding extra development time or to run all their little tests or their annoying little procedures and policies. In the meantime the customers are getting impatient and the balance sheet is slipping.
If you absolutely must have some sort of quality process, to sate your investors or customers or federal agencies or whoever, you can get cheap testers overseas who have never seen your product before and no nothing about your industry, and can receive your build and run some brief, but well-documented smoke tests on it overnight, and then send it back to you with the OK stamp you paid them for. The next time you want to know if your product works right, just get new overseas testers who aren't all wrapped up with knowing all the things that happened the last time or hold any of the burden of having ever seen your product before.
Nobody cares if you make a *good* product. They care if you make a product *fast*. And cheap.
Why is Wal-Mart so successful? Well, for starters, they offer lots of cheap things. You don't see Wal-Mart wasting money and holding up stock by worrying about quality. You want quality? Go to Sears -- haha, I joke, Sears is now K-Mart.
Once it's out the door, who cares? You got paid for it already. It's much cheaper to staff a call center to take customer complaints. And you can have that "done" overseas too.
Terrorists can attack freedom, but only Congress can destroy it.
http://www.youtube.com/watch?v=pV1yHrqXA88
go about 1 minute into this film.
I would imagine that depends on the particular payphone. You can certainly buy payphones off the shelf that are designed to plug into a normal landline and handle everything at the payphone end (and yes that includes letting 0800 and 999 calls through without payment).
I would guess that how telco payphones work would depend on both the age and the particular payphone. The BT ones at least seem to have some intelligence at the phone end since they have things like a display for remaining credit.
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
If this story is true, then it's time to start treating these @sshats like the criminals they are. Throw them in a supermax and forget about them.
My peace of mind does not depend on
A friend of mine was working in a chain hardware store, inside a large shopping mall, when they discovered someone had stolen a 10 foot ladder on a busy Saturday lunchtime. It's really just about having the balls for it.
"Those who cast the votes decide nothing; those who count the votes decide everything." (attrib. Joseph Stalin)
Or, as in "writing bad checks." "Sticking up a QuickieMart." "Running past the ticket taker at a movie."
Wouldn't want to confuse that with "Free" software, would we?
"Inquiring Minds Want to Know!"