Black Hat 2009: How to hack a parking meter

At Black Hat this week, security researchers showed how a technically savvy hacker can make a fake payment card that allows unlimited free parking on San Francisco's smart parking meter system

intro

How to hack a San Francisco parking meter: This is how a San Francisco parking meter should look; a proper payment card has been inserted to pay for additional parking time. But security researchers at the Black Hat conference have discovered a way to trick the meters into accepting a fake payment card, thereby granting unlimited free parking.

Meter service: A technician works on San Francisco's smart meters. As part of their research, Joe Grand and Jacob Appelbaum gathered information on the systems by simply asking city workers technical questions about the meters.

Inside the meter: Here's a look at the circuitry inside the smart meter.

Check out those chips: To get a closer look at the chips on the cards, researchers used acetone to remove the plastic surrounding them, put them in a small vial of heated fuming nitric acid, rinsed them in acetone, and placed them in a ceramic package for probing.

Figuring out how the transaction works: The researchers put this shim between the smart card and the reader so that they could monitor the transaction with an oscilloscope.

Another look at the shim: Another view of the custom shim used to read the smart card transaction, complete with Joe Grand's Grand Idea Studio logo.

Paying for a lot of parking time: The payoff! A San francisco parking meter showing the balance on Joe Grand's hacked card.

The man with the grand idea: Joe Grand at Black Hat in Las Vegas Tuesday, after giving a tutorial on hardware hacking.