You’ve probably already heard about how security researchers with Grand Idea Studio have discovered a way to hack into the computerized parking meters across San Francisco, but do you have any idea what the City’s planning to do to stop it?
The hybrid meters, which accept pre-purchased smart cards as well as coinage, were first conceived in an attempt to deter theft. San Francisco launched the $35 million dollar instillation in 2003 to counter the estimated $3 million dollars lost each year to thieves, and unscrupulous meter maids.
J. J MacKay Canada, the company that designed the meters, says it uses “sophisticated security algorithms to deter fraud,” but it took Joe Grand and his team at Grand Idea only three days to “de-sophisticate” their codes. Even more troubling is the fact that the meters preform no upper bound checks, so hackers could theoretically boost a smart card’s limit to well beyond what they could purchase legitimately.
Grand has no doubts that hackers have already begun to take advantage of the security loophole. The president of Grand Ideas Studios told reporters “If I found this problem, chances are someone else knows about the problem and is exploiting it.”
We emailed SFMTA spokesperson Judson True to find out more about what they’re planning on doing to manage this fraud and hack. He responded, saying he’d have an answer for us in a bit, so you’ll know as soon as we do.