Smart parking meters in San Francisco hacked

It was only last year that I had discovered the new smart card system for parking meters in San Francisco that comes in $20 or $50 increments. They’ve been hacked.

To record the communication between the card and the meter, Grand purchased a smartcard shim — an electrical connector that duplicates a smartcard’s contact points — and used an oscilloscope to record the electrical signals as the card and meter communicated.

He discovered the cards aren’t digitally signed, and the only authentication between the meter and card is a password sent from the former to the latter. The card doesn’t have to know the password, however, it just has to respond that the password is correct.

If I was a little more clever with the tools I’d be trying to figure this out for myself already. Boosting cards would save me the hassle of the increasing parking meter prices and daily hours of operation.