Feeds

Meter insecurity raises specter of free parking hacks

Cloned card could allow unlimited parking

Top 5 reasons to deploy VMware with Tegile

Black Hat Hackers have figured out a way to trick San Francisco's computerized parking meter system into giving away unlimited free parking by cloning the smart cards used to pay fees.

Speaking at the Black Hat security conference in Las Vegas, hackers Jacob Appelbaum, Joe Grand and Chris Tarnovsky said they were able to compromise the system by monitoring the communications that occur between the electronic meters and the smart cards. They were then able to carry out what's known as a replay attack, in which the communications were repeated on their own blank smart cards.

"We own the San Francisco parking meter system," Appelbaum said in an interview with El Reg. "They clearly did not do enough due diligence if at all from a security perspective. The idea that someone is not already exploiting it is sort of laughable."

During their 75-minute talk, the team showed a picture of a cloned smart card in one of the San Francisco parking meters. It's value: $999.99. The team was careful to say they never actually used any of the stored credit to pay for parking.

The hack is only the latest to highlight vulnerabilities in a new generation of electronic payment systems that collect parking fees and bus and train fares. Parking meters in New York were compromised in 2001 using infrared remote controls, and three years later weaknesses in stored-value cards used by San Diego were exposed by a hacker who goes by the name H1kari.

Last year, three undergrads from the Massachusetts Institute of Technology uncovered critical vulnerabilities in electronic fare-payment systems used by Boston's mass transit system, but were prevented from speaking about them during the Defcon hacker conference.

The process used to hack the San Francisco system was fairly straightforward and took only three days to devise. It involved using an off-the-shelf smart-card shim, and monitoring what happened using an oscilloscope. The team then analyzed the data using pen and paper and wrote a program that would repeat the process with programmable smart cards they bought off the internet.

The smart cards work in McKay Guardian XLE meters, which can accept either coins or electronic payments. Many other cities use the same model parking meters, but because of differences in the way they are configured, the team couldn't say whether the technique they used would work outside of San Francisco.

Parking meter displaying smart card balance of $999.99

The researchers said they gained valuable insights into the meter's inner workings by purchasing them on eBay and watching how they functioned. They said their research was intended to expose weaknesses that could cost San Francisco taxpayers millions of dollars in lost revenue, and not to enable people to actually carry out the attacks.

They plan to release the source code for their replay software but will modify important bits to prevent script kiddies from using it to get free parking. ®

Intelligent flash storage arrays

More from The Register

next story
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Shellshock over SMTP attacks mean you can now ignore your email
'But boss, the Internet Storm Centre says it's dangerous for me to reply to you'
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
BlackEnergy crimeware coursing through US control systems
US CERT says three flavours of control kit are under attack
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.