Slashdot Mirror


Hackers Get Free Parking In San Francisco

Hugh Pickens writes "PC World reports that at the Black Hat security conference this week, security researchers say that it is pretty easy for a technically savvy hacker to make a fake payment card that gives them unlimited free parking on San Francisco's smart parking meter system. 'It wasn't technically complicated and the fact that I can do it in three days means that other people are probably already doing it and probably taking advantage of it,' says Joe Grand. 'It seems like the system wasn't analyzed at all.' To figure out how the payment system worked, Grand hooked up an oscilloscope to a parking meter and monitored what happened when he used a genuine payment card. Grand discovered the cards aren't digitally signed, and the only authentication between the meter and card is a password sent from the former to the latter. Examining the meters themselves could yield additional vulnerabilities that might allow someone to conduct other kinds of attacks, such as propagating a virus from meter to meter via the smart cards or a meter minder's PDA."
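The design gap reported above (card data that is not signed, and a fixed password that flows only from meter to card) set beside the controls that close it: a MAC over the stored balance and a fresh challenge the card must answer. This is an added example, not code from the article, the researchers or the meter vendor; the key derivation, record layout and every name in it are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

# Constructed demo key. A real deployment would hold this in a secure element.
MASTER_KEY = b"constructed-demo-master-key-0001"
RECORD = ">8sIQ"  # assumed layout: 8-byte card id, balance in cents, write counter

def card_key(card_id: bytes) -> bytes:
    """Per-card key, so extracting one card's key does not expose every card."""
    return hmac.new(MASTER_KEY, b"card-key" + card_id, hashlib.sha256).digest()

def seal_balance(card_id: bytes, balance_cents: int, counter: int) -> bytes:
    """Issuer side: bind the balance to the card id and a counter with a MAC."""
    record = struct.pack(RECORD, card_id, balance_cents, counter)
    tag = hmac.new(card_key(card_id), b"balance" + record, hashlib.sha256).digest()
    return record + tag[:16]

def verify_balance(blob: bytes, last_counter: int):
    """Meter side: return the balance, or None if forged, altered or rolled back."""
    record, tag = blob[:-16], blob[-16:]
    card_id, balance, counter = struct.unpack(RECORD, record)
    good = hmac.new(card_key(card_id), b"balance" + record, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good[:16]):
        return None  # unsigned or modified data is rejected here
    if counter <= last_counter:
        return None  # an old, higher balance written back to the card
    return balance

def card_response(key: bytes, challenge: bytes) -> bytes:
    """Card side: prove possession of the key for this one challenge."""
    return hmac.new(key, b"auth" + challenge, hashlib.sha256).digest()

def meter_authenticates_card(card_id: bytes, respond) -> bool:
    """Meter side: a fresh random challenge makes a recorded answer useless."""
    challenge = os.urandom(16)
    expected = card_response(card_key(card_id), challenge)
    return hmac.compare_digest(respond(challenge), expected)
```

Tracking `last_counter` per card assumes the meter or a back end keeps that state; without it the MAC still stops altered balances but not a replayed older record.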

12 of 221 comments

  1. Parking Meter Botnet by sopssa · · Score: 5, Funny

    Examining the meters themselves could yield additional vulnerabilities that might allow someone to conduct other kinds of attacks, such as propagating a virus from meter to meter via the smart cards or a meter minder's PDA."

    I, for one, welcome our new parking meter botnet overlords.

    1. Re:Parking Meter Botnet by xaxa · · Score: 5, Informative

      what was wrong with coin operated meters? Why do they need computers?

      Criminal gangs target coin operated meters. For instance, "Cashless parking was trialled in Westminster [London] in October 2006 and in early 2007 the decision was taken to extend cashless parking city [of Westminster] wide. One of the primary drivers was the estimated £120,000 per week being lost to organised crime. Organised crime which led to murder on the streets of Westminster." (The murder was after one gang started taking the money from meters in another gang's "territory").

      A metal detector under the parking space and a camera nearby, and the computer could automatically issue a ticket (or automatically bill for the correct duration). And tell drivers how many spaces are available.

  2. The usual solution by drgould · · Score: 5, Interesting

    The usual bureaucratic solution in a case like this is to make it illegal to hook-up oscilloscopes to parking meters in San Francisco.

    1. Re:The usual solution by n1ckml007 · · Score: 5, Funny

      Sir is that an oscilloscope in your pocket... ?

    2. Re:The usual solution by kimvette · · Score: 5, Funny

      Sir, do you have a concealed oscilloscope permit?

      --
      The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
    3. Re:The usual solution by JustOK · · Score: 5, Funny

      in a sinusoidal manner

      --
      rewriting history since 2109
  3. l0pht by Anonymous Coward · · Score: 5, Informative

    For reference, Joe Grand is one of the members of the l0pht hacker group that were announced to be making a comeback here (http://news.slashdot.org/story/09/07/26/167251/Hacker-Group-L0pht-Making-a-Comeback?art_pos=1)

  4. Re:Free parking! Just uh.. oh crap. by Canazza · · Score: 5, Insightful

    He was probably wearing a high-vis jacket and wearing heavy leather gloves. He'd have looked like an ordinary electrician. If anyone asks he was 'repairing' the meter.

    --
    It pays to be obvious, especially if you have a reputation for being subtle.
  5. Re:Free parking! Just uh.. oh crap. by value_added · · Score: 5, Funny

    He was probably wearing a high-vis jacket and wearing heavy leather gloves. He'd have looked like an ordinary electrician. If anyone asks he was 'repairing' the meter.

    San Francisco may be different, but I'd imagine that in most cities, if someone was seen beating a parking meter with a baseball bat, people passing by would nod approvingly, or perhaps cheer.

  6. 10 spaces away by surmak · · Score: 5, Funny

    In Monopoly just remember what is 10 spaces away from free parking (actually, in either direction). Something tells me that those who try this "Free Parking" trick may well end up rolling a pair of fives on their next move.

    Do not pass go, do not collect $200.

  7. Re:Free parking! Just uh.. oh crap. by langelgjm · · Score: 5, Interesting

    Indeed, that sort of social engineering is all about looking the part.

    I once knew someone who was able to swipe an unused payphone in broad daylight at lunchtime on a busy strip with lots of outdoor seating. The trick? Navy blue pants, blue "repairman" style shirt, a tool bag, and looking like you are supposed to be doing what you are doing.

    --
    "Anyone who [rips a CD] is probably engaging in copyright infringement." - David O. Carson
  8. Drawing attention to the problem by russotto · · Score: 5, Funny

    So the hackers, having figured out how to rig the meters, set up their own meters at a few places in the city. With them they place large signs "Hacker Parking Only, Everyone Else $1,000,000". One day they notice a Porsche 959 pull up to the meter. A somewhat geeky looking man in his mid-50s gets out, looks at the sign, places a card in the meter, and it flips over to "2 hours paid". One of the hackers then walks up to the man and says "Hey, Bill Gates! I knew you started out as a hacker but I didn't know you still kept in the game!". And Gates says "What hack? I just paid the meter".