As we move farther and farther into the digital age, we begin to see some serious problems with an all-digital lifestyle. Take parking meters, for example. As much as a pain as it is to root under your car seat looking for loose change to feed the meter, there aren’t too many ways to avoid actually putting money into a traditional meter. (Or maybe there are. I haven’t bothered to investigate, since I don’t currently own a vehicle.) Newer electronic parking meters, though, can be pretty easily subverted, as demonstrated at the Black Hat conference this week.
I suppose “easily subverted” is a bit hyperbolic, since you need to be willing to buy a couple parking meters from eBay, own and know how to use an oscilloscope, and put together some custom circuit boards. Most of that puts this attack squarely outside of my abilities. Nonetheless, enterprising hackers have examined and found weaknesses in the electronic parking meters used around San Francisco. Pre-paid cards keep track of how many times they’ve been used, so most of the logic is in the card: when the number of uses exceeds the dollar value assigned to the card, it’s no longer valid. You have basically two choices: put a super high dollar value on the card, or simply ignore the meter’s instruction to record a new use. Either way the result is the same: you can park for free!
I suspect there are a number of easy ways for this attack to be foiled but they’ll all cost money, which means that the parking meter companies will be hesitant to implement them. And really, what was so wrong with the old fashioned meters that they needed to be digitized?