Hackers Get Free Parking In San Francisco
Hugh Pickens writes "PC World reports that at the Black Hat security conference this week, security researchers say that it is pretty easy for a technically savvy hacker to make a fake payment card that gives them unlimited free parking on San Francisco's smart parking meter system. 'It wasn't technically complicated and the fact that I can do it in three days means that other people are probably already doing it and probably taking advantage of it,' says Joe Grand. 'It seems like the system wasn't analyzed at all.' To figure out how the payment system worked, Grand hooked up an oscilloscope to a parking meter and monitored what happened when he used a genuine payment card. Grand discovered the cards aren't digitally signed, and the only authentication between the meter and card is a password sent from the former to the latter. Examining the meters themselves could yield additional vulnerabilities that might allow someone to conduct other kinds of attacks, such as propagating a virus from meter to meter via the smart cards or a meter minder's PDA."
The usual bureaucratic solution in a case like this is to make it illegal to hook up oscilloscopes to parking meters in San Francisco.
Indeed, that sort of social engineering is all about looking the part.
I once knew someone who was able to swipe an unused payphone in broad daylight at lunchtime on a busy strip with lots of outdoor seating. The trick? Navy blue pants, blue "repairman" style shirt, a tool bag, and looking like you are supposed to be doing what you are doing.
"Anyone who [rips a CD] is probably engaging in copyright infringement." - David O. Carson
Having a hacked card is of no use if one cannot find a parking space. Most people who have attempted to park in SF know the time wasted finding a space is usually worth more than the cost of the parking.
Nevertheless, hacking the system is interesting.
-Todd
Omne ignotum pro magnifico.
I remember doing an easier hack on the parking meters in Newcastle AU. Grab a used Telstra smart card phone card, shove it in, meter breaks, free parking for a few days for everyone.
It seems that the parking meter OS was unable to handle cards that didn't send the right data back, so it went into "out of order" mode.
I suppose they got wise on these kinds of simple hacks and changed the smart card system.