Paid parking is a cancer on society
See rant above...
Hackers have figured out a way to trick San Francisco's computerized parking meter system into giving away unlimited free parking by cloning the smart cards used to pay fees. Speaking at the Black Hat security conference in Las Vegas, hackers Jacob Appelbaum, Joe Grand and Chris Tarnovsky said they were able to compromise the …
If it were me, I'd just look between New York Avenue and Kentucky Ave. Of course if I were in the UK, it would be between The Strand and Vine Street.
Then again, I've got one of those remote transponders (called FasTrak here) that does parking now at the local airport. A nice man-in-middle attack ought to work there!
Years ago, a certain well-known UK company started making staff use swipe cards to pay for stuff in the restaurant and staff shop, and we were supposed to go and put our money on the card *before* buying stuff. Of course, most people would load their cards at the start of the week or, in some cases, put loadsamoney on every (monthly) payday - thus letting the company collect the dosh and earn the interest.
The thing was, it didn't take long for the electronics whizzes to work out that they only needed to put the money on one card, then clone it using equipment they had just lying around... and since they dumped the data from the real card onto the computer in their lab, they never needed to put real money on at all... they just copied the 'full' card back to their empty ones. This worked even after the company switched to an rfid-based card.
Unfortunately I left just after they brought in the version that read the serial number from the card (different number every card, and the system monitored how much was put on and when), so I don't know how they got around that...
My Flat utilizes a pay card system for the laundry facility... at $1.10 to wash and $1.10 to dry it costs me nearly $40 a week to do laundry when just across town there is a $0.25 a load laundry mat, and pick up / drop off laundry service would cost $50 / week... I fail to see why I should pay this much and have been tempted to get a card reader for the purpose of leveling the playing field... yet alas I look rather drab in stripes.
"The idea that someone is not already exploiting it is sort of laughable."
I doubt if anybody is already exploiting this. I suspect that they are the first people to bother trying to break the system. How many people will buy a parking meter to crack the system with the risk that they cannot do so just to try to save some parking money?
Can you make a business selling these cards? The only people interested in buying them will be people leaving their car on a parking spot every day in San Francisco, so by selling them you will be taking quite a risk for a small number of potential sales. I suspect many parking systems have weak security (and most important, cheap security), based on the idea that they are not worth breaking.
OK, call me sceptical, but just how do Parking Meters come up for sale on eBay ? I mean I've seen some fairly weird shit, but Parking Meters ? Sadly I'm at work and can't visit the tat bazaar to find out if there are any currently available - anyone
I guess anything is possible in the good ol' U. S. of A.
Paris? - I don't think anyone has cloned the key for her slot
<<... at $1.10 to wash and $1.10 to dry it costs me nearly $40 a week to do laundry>>
Christ-on-a-bike! Do you do one sock at a time??? Can't you pop a washing machine in the bathroom like we have? Costs next to Bugger Hall. Watching it do its stuff must be vastly more entertaining than 'Merkan TV channels...
Meters are not classified military equipment or anything, if you want to put a meter system in your car park, you need to buy a meter. Is it really so different from a magstriper or a cash register for that matter? Not being useful to consumers doesn't mean not having a use and market at all!
You sir owe me a new keyboard!
I was just about to say at $2.20 for a wash and dry that is about 18 wash/dry cycles per week so either they are doing the laundry for everyone in the apartment block or, as you suggest, the machines are incredibly small requiring the washing of each item individually.
$40 per week, $200 per month, fuck me just throw your old clothes away and buy some new stuff.....
In the good old days of coin operated parking meters all that you needed to crack those devices was a 10lb Sledge Hammer.
Now these people use fancy mancy smart cards.
Tsk Tsk, a 10 lb sledge hammer will have the same effect on the new stuff. ...
Modern Youth - I ask you.
remember the guys that got caught driving about London with a 7-tonne van and hundreds of parking meters in the back.
they reversed over the meters and then chucked them in the back..... off to the next one...
they made a fortune...
but got caught when a witness to their escapades rang the police.
that must have been a first...
the police actually bothering to turn up to nick some villains whilst on the job.
This is nothing new. There is always one problem with large scale projects like this. The systems are off-line. Thus meaning the monetary value of the parking has to be stored on the card.
There are multiple ways to get information on the data structure on the card.
The cheaper system will use off the shelf cards that just read/write in any smartcard reader.
You take a dump of a card. And use it in the meter. Take another dump and analyse the two dumps and you will see where the value is stored.
Using a data interceptor to log conversations. You can do this within 30 seconds sat next to the meter with a laptop.
Breaking into the meter to install software/hardware to intercept data.
This mostly resolves down to the meter not checking the value written to the card was written by a legitimate source.
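Added example, not part of the original comments: a sketch of the check the last comment says is missing, where the meter verifies that the stored value was written by a legitimate source using a MAC keyed per card serial. The record layout, key, serials and function names are all constructed for illustration, and the serial is assumed to be a read-only identifier the card cannot rewrite.

```python
import hashlib
import hmac
import struct

# Constructed demo key (assumption); a real meter would hold this in protected storage.
MASTER_KEY = b"demo-master-key-not-a-real-secret"
TAG_LEN = 8  # truncated MAC length in bytes (assumption)

def card_key(serial: bytes) -> bytes:
    """Derive a per-card key so a record only verifies on the card it was issued to."""
    return hmac.new(MASTER_KEY, b"card-key" + serial, hashlib.sha256).digest()

def write_record(serial: bytes, value_cents: int, counter: int) -> bytes:
    """What a legitimate writer stores on the card: value, counter, truncated MAC."""
    body = struct.pack(">IH", value_cents, counter)
    tag = hmac.new(card_key(serial), body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag

def check_record(serial: bytes, record: bytes, last_counter: int = -1) -> str:
    """Meter-side check. Returns 'ok' or the reason the record is rejected."""
    if len(record) != 6 + TAG_LEN:
        return "malformed"
    body, tag = record[:6], record[6:]
    expected = hmac.new(card_key(serial), body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return "bad-mac"
    _value, counter = struct.unpack(">IH", body)
    if counter <= last_counter:  # last_counter is state the checker must already hold
        return "stale-counter"
    return "ok"

def demo() -> dict:
    card_a, card_b = b"\x04\xa1\xb2\xc3", b"\x04\xd4\xe5\xf6"  # constructed serials
    full = write_record(card_a, 2000, counter=1)
    spent = write_record(card_a, 0, counter=2)
    edited = struct.pack(">I", 9999) + full[4:]  # value field changed, MAC left as-is
    return {
        "genuine": check_record(card_a, full),
        "edited_value": check_record(card_a, edited),
        "copied_to_other_card": check_record(card_b, full),
        "old_dump_restored": check_record(card_a, full, last_counter=2),
        "old_dump_no_state": check_record(card_a, full),
        "spent": check_record(card_a, spent, last_counter=1),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:22} {verdict}")
```

The `old_dump_no_state` case passes because a byte-for-byte copy of a card's own earlier record still carries a valid MAC; it is only rejected where the checker knows the last counter for that serial, which an off-line meter does not.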