Hackers have figured out a way to trick San Francisco's computerized parking meter system into giving away unlimited free parking by cloning the smart cards used to pay fees.Well knock me over with a feather. New public services introduced without any security?
Speaking at the Black Hat security conference in Las Vegas, hackers Jacob Appelbaum, Joe Grand and Chris Tarnovsky said they were able to compromise the system by monitoring the communications that occur between the electronic meters and the smart cards. They were then able to carry out what's known as a replay attack, in which the communications were repeated on their own blank smart cards.
"We own the San Francisco parking meter system," Appelbaum said in an interview with El Reg. "They clearly did not do enough due diligence if at all from a security perspective. The idea that someone is not already exploiting it is sort of laughable."
Next thing you know, they'll say electronic voting isn't secure or something. Oh, wait ...
UPDATE 31 July 2009 10:49: More at Slashdot, where the comments are - as always - interesting. Including a discussion of Concealed Oscilloscope Permits. Really.