Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Get Free Parking In San Francisco

Posted by timothy on from the usually-spots-at-the-end-of-the-judah-line dept.

Hugh Pickens writes "PC World reports that at the Black Hat security conference this week, security researchers say that it is pretty easy for a technically savvy hacker to make a fake payment card that gives them unlimited free parking on San Francisco's smart parking meter system. 'It wasn't technically complicated and the fact that I can do it in three days means that other people are probably already doing it and probably taking advantage of it,' says Joe Grand. 'It seems like the system wasn't analyzed at all.' To figure out how the payment system worked, Grand hooked up an oscilloscope to a parking meter and monitored what happened when he used a genuine payment card. Grand discovered the cards aren't digitally signed, and the only authentication between the meter and card is a password sent from the former to the latter. Examining the meters themselves could yield additional vulnerabilities that might allow someone to conduct other kinds of attacks, such as propagating a virus from meter to meter via the smart cards or a meter minder's PDA."

8 of 221 comments (clear)

  1. Re:Portable Oscilloscope? by rodrigoandrade · · Score: 4, Insightful

    Geez, at those prices, wouldn't it be cheaper to just pay for the damn parking card???

  2. Re:Free parking! Just uh.. oh crap. by Canazza · · Score: 5, Insightful

    He was probably wearing a high-vis jacket and wearing heavy leather gloves. He'd have looked like an ordinary electrician. If anyone asks he was 'reparing' the meter.

    --
    It pays to be obvious, especially if you have a reputation for being subtle.
  3. Re:Parking Meter Botnet by jellomizer · · Score: 4, Insightful

    Yes I am upset by this.
    If more then just a small handful of people start doing this then they will raise the price for parking for the people who do it legally.
    They may have to go and fix the system causing us to pay for it in taxes, as well future systems will need to be more expensive as they need to deal with hackers breaking the system all the time.
    The reason for meters besides revenue collection is to control the availability of parking spots. Metered parking helps keeps store front spots open for customers. As well keeps abandoned or broken cars sitting indefinitely in good parking spots.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  4. Re:"other people are probably already doing it" by Vellmont · · Score: 4, Insightful


    Would it have been better to have a system with a few hackers taking advantage and skipping some parking fees, versus a now-comprimised system

    Stupid knowledge! You just ruin it for everyone. If only we'd be more ignorant and stick our heads in the sand there would be no problem.

    Did you ever think that someone beyond curious hackers looking for a few free hours of parking might be interested in this? Like say.. criminals selling counterfeit parking cards at 1/3 the price?

    --
    AccountKiller
  5. Re:Parking Meter Botnet by Shaltenn · · Score: 4, Insightful

    Maybe the fact that 90% of the time people don't have change on them? Society as a whole is becoming a lot more dependent on ATM cards, credit cards, etc as opposed to cash money. This means that people don't have coinage nor dollars, but instead a plastic card in their wallet. I have seen machines that take cards and coins and even dollar bills. This seems like the best idea. Any te

    --
    If you were offended by anything I said... No, I'm not sorry. Please lighten up.
  6. Re:Parking Meter Botnet by Aceticon · · Score: 4, Insightful

    Many cities around the world deploy parking meters in places where there is no lack of parking places as a form of revenue for the local authorities.

    Also parking meters are usually deployed in such a way as to eliminate all other parking alternatives (if the purpose was to make parking spaces available for those who really need it, then only some of the places would need to be made "premium" with parking meters while most spaces would remain free)

    To further enhance the income from parking, most parking meter systems are also designed in such a way (pay first) that users either have to overpay (pay more time than you use) or are hit with significant fines for going overtime.

    This is why most people hate parking meters and other paid parking system in public spaces.

    I for one welcome our new parking meter infecting virus overlords.

  7. Re:Parking Meter Botnet by Rasperin · · Score: 4, Insightful

    What are you talking about, it's very expensive to fix. First you have to pay for the code updates, that's going to be a million, take a year, and be delivered late. Then, you have to do a mass software update, that's going to be another 10 million. Then lastly, the most expensive part, a "hardware update" issuing new cards to be compliant with the new standard to match. I don't even want to dream how much that would cost.

    *My numbers may be artificially inflated from working with IBM.

    --
    WTF Slashdot, why do I have to login 50 times to post?
  8. Re:Parking Meter Botnet by blueskies · · Score: 4, Insightful

    They made that decision when they bought shitty meters.