Hackers Get Free Parking In San Francisco 221
Hugh Pickens writes "PC World reports that at the Black Hat security conference this week, security researchers say that it is pretty easy for a technically savvy hacker to make a fake payment card that gives them unlimited free parking on San Francisco's smart parking meter system. 'It wasn't technically complicated and the fact that I can do it in three days means that other people are probably already doing it and probably taking advantage of it,' says Joe Grand. 'It seems like the system wasn't analyzed at all.' To figure out how the payment system worked, Grand hooked up an oscilloscope to a parking meter and monitored what happened when he used a genuine payment card. Grand discovered the cards aren't digitally signed, and the only authentication between the meter and card is a password sent from the former to the latter. Examining the meters themselves could yield additional vulnerabilities that might allow someone to conduct other kinds of attacks, such as propagating a virus from meter to meter via the smart cards or a meter minder's PDA."
The usual solution (Score:5, Interesting)
The usual bureacratic solution in a case like this is to make it illegal to hook-up oscilloscopes to parking meters in San Francisco.
i wonder (Score:1, Interesting)
i wonder what kind of attacks would be possible after the city has replaced the meter software by software which actually uses a cryptographic method, like a challenge/response method between the meter and the card...
any ideas?
Free parking! Just uh.. oh crap. (Score:2, Interesting)
I'm not sure how normal that is in the bay area. To see some guy in a DeCSS tshirt hooking an O-scope to a parking meter.
Seriously, how did they achieve *that*? Flat ribbon cable between the card and the meter?
Re:Free parking! Just uh.. oh crap. (Score:5, Interesting)
Indeed, that sort of social engineering is all about looking the part.
I once knew someone who was able to swipe an unused payphone in broad daylight at lunchtime on a busy strip with lots of outdoor seating. The trick? Navy blue pants, blue "repairman" style shirt, a tool bag, and looking like you are supposed to be doing what you are doing.
Re:Parking Meter Botnet (Score:2, Interesting)
It costs $20 per hour plus pension and health insurance for a meter maid to go collect coins.
Finding a space. (Score:4, Interesting)
Nevertheless, hacking the system is interesting.
-Todd
Re:"other people are probably already doing it" (Score:3, Interesting)
Is it better for cities to rely on such stupid pieces of low-bidder refuse for tools like parking meters and US passports?
Erm... one is not like the other... I don't think that parking meters require the highest level of protection possible. Passports, OTOH...
Re:Parking Meter Botnet (Score:5, Interesting)
I remember doing an easier hack on the parking meters in Newcastle AU. Grab a used Telstra smart card phone card, shove it in, meter breaks, free parking for a few days for everyone.
It seems that the parking meter OS was unable to handle cards that didn't send the right data back, so went in to "out of order" mode.
I suppose they got wise on these kind of simple hacks and changed the smart card system.
Re:Free parking! Just uh.. oh crap. (Score:3, Interesting)
When I geocache in downtown I just carry a metal folding clipboard and write notes if I need "cover" in an exposed area. Taking down (useless, made-up) numbers from a tape measure helped once when two guys were watching me too closely. :7)
I have read of some cachers who keep a high-vis yellow vest in their bag just for situations like this, and I myself once saw a guy wearing one go right into the edge of a construction zone to take tourist photos. (I could tell he probably wasn't employed by the site because he wandered from there right over to a gondola tied up in front of the local mall and shot off some pictures of it, and the flowers, and.... :7)
Re:TFA, mostly wrong on the details (Score:2, Interesting)
Read TFPDF in TFA.
1) Digital scopes are lightweight and portable. He used a shim between the card and its contacts.
2) It wasn't a magstripe-based card. It was a smartcard. Gold-plated electrical contacts.
3) A digital 'scope isn't that far removed from a logic analyzer, and he was able to record the handshake between the card and the meter. He discovered that only a few bytes of that handshake ever changed during the transaction. On a stored-value card, if only a few bytes change per transaction, and they change predictably, it's pretty obvious what those bytes are going to be for.