Feeds

Meter insecurity raises specter of free parking hacks

Cloned card could allow unlimited parking

Top 5 reasons to deploy VMware with Tegile

Black Hat Hackers have figured out a way to trick San Francisco's computerized parking meter system into giving away unlimited free parking by cloning the smart cards used to pay fees.

Speaking at the Black Hat security conference in Las Vegas, hackers Jacob Appelbaum, Joe Grand and Chris Tarnovsky said they were able to compromise the system by monitoring the communications that occur between the electronic meters and the smart cards. They were then able to carry out what's known as a replay attack, in which the communications were repeated on their own blank smart cards.

"We own the San Francisco parking meter system," Appelbaum said in an interview with El Reg. "They clearly did not do enough due diligence if at all from a security perspective. The idea that someone is not already exploiting it is sort of laughable."

During their 75-minute talk, the team showed a picture of a cloned smart card in one of the San Francisco parking meters. It's value: $999.99. The team was careful to say they never actually used any of the stored credit to pay for parking.

The hack is only the latest to highlight vulnerabilities in a new generation of electronic payment systems that collect parking fees and bus and train fares. Parking meters in New York were compromised in 2001 using infrared remote controls, and three years later weaknesses in stored-value cards used by San Diego were exposed by a hacker who goes by the name H1kari.

Last year, three undergrads from the Massachusetts Institute of Technology uncovered critical vulnerabilities in electronic fare-payment systems used by Boston's mass transit system, but were prevented from speaking about them during the Defcon hacker conference.

The process used to hack the San Francisco system was fairly straightforward and took only three days to devise. It involved using an off-the-shelf smart-card shim, and monitoring what happened using an oscilloscope. The team then analyzed the data using pen and paper and wrote a program that would repeat the process with programmable smart cards they bought off the internet.

The smart cards work in McKay Guardian XLE meters, which can accept either coins or electronic payments. Many other cities use the same model parking meters, but because of differences in the way they are configured, the team couldn't say whether the technique they used would work outside of San Francisco.

Parking meter displaying smart card balance of $999.99

The researchers said they gained valuable insights into the meter's inner workings by purchasing them on eBay and watching how they functioned. They said their research was intended to expose weaknesses that could cost San Francisco taxpayers millions of dollars in lost revenue, and not to enable people to actually carry out the attacks.

They plan to release the source code for their replay software but will modify important bits to prevent script kiddies from using it to get free parking. ®

Internet Security Threat Report 2014

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
Oi, Europe! Tell US feds to GTFO of our servers, say Microsoft and pals
By writing a really angry letter about how it's harming our cloud business, ta
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Internet Security Threat Report 2014
An overview and analysis of the year in global threat activity: identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.