Feeds

Meter insecurity raises specter of free parking hacks

Cloned card could allow unlimited parking

Reducing security risks from open source software

Black Hat Hackers have figured out a way to trick San Francisco's computerized parking meter system into giving away unlimited free parking by cloning the smart cards used to pay fees.

Speaking at the Black Hat security conference in Las Vegas, hackers Jacob Appelbaum, Joe Grand and Chris Tarnovsky said they were able to compromise the system by monitoring the communications that occur between the electronic meters and the smart cards. They were then able to carry out what's known as a replay attack, in which the communications were repeated on their own blank smart cards.

"We own the San Francisco parking meter system," Appelbaum said in an interview with El Reg. "They clearly did not do enough due diligence if at all from a security perspective. The idea that someone is not already exploiting it is sort of laughable."

During their 75-minute talk, the team showed a picture of a cloned smart card in one of the San Francisco parking meters. It's value: $999.99. The team was careful to say they never actually used any of the stored credit to pay for parking.

The hack is only the latest to highlight vulnerabilities in a new generation of electronic payment systems that collect parking fees and bus and train fares. Parking meters in New York were compromised in 2001 using infrared remote controls, and three years later weaknesses in stored-value cards used by San Diego were exposed by a hacker who goes by the name H1kari.

Last year, three undergrads from the Massachusetts Institute of Technology uncovered critical vulnerabilities in electronic fare-payment systems used by Boston's mass transit system, but were prevented from speaking about them during the Defcon hacker conference.

The process used to hack the San Francisco system was fairly straightforward and took only three days to devise. It involved using an off-the-shelf smart-card shim, and monitoring what happened using an oscilloscope. The team then analyzed the data using pen and paper and wrote a program that would repeat the process with programmable smart cards they bought off the internet.

The smart cards work in McKay Guardian XLE meters, which can accept either coins or electronic payments. Many other cities use the same model parking meters, but because of differences in the way they are configured, the team couldn't say whether the technique they used would work outside of San Francisco.

Parking meter displaying smart card balance of $999.99

The researchers said they gained valuable insights into the meter's inner workings by purchasing them on eBay and watching how they functioned. They said their research was intended to expose weaknesses that could cost San Francisco taxpayers millions of dollars in lost revenue, and not to enable people to actually carry out the attacks.

They plan to release the source code for their replay software but will modify important bits to prevent script kiddies from using it to get free parking. ®

Mobile application security vulnerability report

More from The Register

next story
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
Crooks fling banking Trojan at Japanese smut site fans
Wait - they're doing online banking with an unpatched Windows PC?
NIST told to grow a pair and kick NSA to the curb
Lrn2crypto, oversight panel tells US govt's algorithm bods
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.