Meter Hackers Find Free Parking in San Francisco

IDG News Service — San Francisco's ambitious plans to roll out computerized smart parking meters have hit a snag: They can be hacked for free parking.

Security researchers say that it is easy for a technically savvy hacker to make a fake payment card that gives them unlimited free parking. To prove their point, they will talk about how they built just such a card in about three days at a computer security conference Thursday.

According to Joe Grand, owner of Grand Idea Studio, San Francisco's parking meters have no way of telling the difference between a genuine payment card and a fake. These cards can be used to pay 23,000 meters citywide.

Grand, who hadn't worked much with smart cards, said that the work wasn't particularly hard to do. His card simply replays the same signals used by genuine cards to the meter. Although he never actually used the card to get free parking, Grand said he was able to build a card with a balance of US$999.99 -- the maximum possible -- that would never run out of funds.

"If I found this problem, chances are somebody else knows about the problem and possibly is exploiting it," he said. "That's costing all of us taxpayers money."

To figure out how the payment system worked, Grand hooked up an oscilloscope to a parking meter and monitored what happened when he used a genuine payment card. He then analyzed that data by hand, and wrote a software program that would emulate the smart card. After some trial and error, he finally figured out what his program needed to say to the meter in order to work. Then he built a card that would replay the same data, using a programmable smart card called a Silver Card.

San Francisco uses McKay Guardian XLE meters, Grand said, but because these meters are implemented differently in different cities, his technique may not work outside of San Francisco.

Cities across the U.S. are rolling out computerized parking meter systems designed to be easier to pay and manage. San Francisco's smart meters were rolled out as part of a broader program, known as SFpark, which will eventually deploy parking sensors that can detect when a space is empty and transmit that information wirelessly to drivers looking for spots.

But there have been some problems. In May, about 125 smart meters in Chicago stopped working properly, prompting speculation that the machines may have been hacked.

City officials attributed the failure to a computer glitch, and Grand said that the city's explanation sounds about right. "I think personally that the failures were a firmware problem, a bug in the system," he said.

Continue Reading