Hackers Discover Electronic Parking Meters Are Incredibly Vulnerable

You know those centralized card-capable electronic parking meters popping up on city blocks all over? The ones displacing good old coin-op meters? They seem to have a massive security flaw that could allow unlimited free parking.

The meters have been hacked by "researchers" Jake Appelbaum and Joe Grand (who co-host Discovery Channel's Prototype This) and they've presented their findings at the annual Black Hat security conference. The duo plugged a smart card shim, which simulates the contact points on a purchased parking card, into a San Francisco smart meter and recorded the communication with an oscilloscope. After a couple days of analysis they discovered the communication between the machine and the card had a major flaw; the machine asks the card for a digital password and the card simply responds in the affirmative, any password will do.

The hole could be and probably is being exploited by ne'er do wells for free parking, but more nefariously it could be used to insert a virus into the machine, which could then be passed to the meter maid's communication PDA which could then infect all of the smart meters for a really fun time. Of course none of this was told to the San Francisco Parking Authority ahead of the talk at Black Hat, so now instead of placing gag order on the researchers and pretending there's no problem, they'll actually have to fix it. Enjoy the show San Francisco taxpayers. [Wired]