"Smart Parking Meters" not as smart as the hackers who pwn them

smartmeters.jpg

A group of tinkerers and security researchers announced findings that prove it is possible to bypass the controls of "e-meter" parking meters — which means it's possible to park for free where such meters are in use. The group announced their findings last week at the 2009 Black Hat Briefings in Las Vegas. Snip:

Throughout the United States, cities are deploying "smart" electronic fare collection infrastructures. In 2003, San Francisco launched a $35 million pilot program to replace approximately 23,000 mechanical parking meters with electronic units that boasted tamper resistance, payment via smart card, auditing capabilities, and an estimated $30 million annually in fare collection revenue. Other major cities, including Atlanta, Boston, Chicago, Los Angeles, New York, Philadelphia, Portland, and San Diego, have made similar moves.

This presentation details our evaluation of electronic parking meters, including hardware disassembly, smart card protocol emulation, and silicon die analysis.

Slides and presentation: Smart Parking Meters: Grand Idea Studio.

News coverage: CBS, PC World, Venturebeat, internetnews, infoworld, CNET (thanks, Jake Appelbaum).