Friday, July 31, 2009

Up the system! Power Parking Spaces to the People!

Seems like San Francisco's nifty new e-Parking meters have all the security robustness and strength of moonbeams or cotton candy:
Hackers have figured out a way to trick San Francisco's computerized parking meter system into giving away unlimited free parking by cloning the smart cards used to pay fees.

Speaking at the Black Hat security conference in Las Vegas, hackers Jacob Appelbaum, Joe Grand and Chris Tarnovsky said they were able to compromise the system by monitoring the communications that occur between the electronic meters and the smart cards. They were then able to carry out what's known as a replay attack, in which the communications were repeated on their own blank smart cards.

"We own the San Francisco parking meter system," Appelbaum said in an interview with El Reg. "They clearly did not do enough due diligence if at all from a security perspective. The idea that someone is not already exploiting it is sort of laughable."

Well, knock me over with a feather. New public services introduced without any security?

Next thing you know, they'll say electronic voting isn't secure or something. Oh, wait ...

UPDATE 31 July 2009 10:49: More at Slashdot, where the comments are - as always - interesting. Including a discussion of Concealed Oscilloscope Permits. Really.

1 comment:

TOTWTYTR said...

The obvious answer is to find and prosecute those irresponsible people at the Black Hat conference who brought this to light. Because, you know, if we can suppress public information like this, then our problem will be solved.

The problem being incompetence of some public officials. If the public doesn't know that we are giving away free parking, the problem is solved!