Pages

Advertisement

Saturday, August 1, 2009

Black Hat 2009: Parking meter hacking - Hack a Day


For day two of Black Hat, we sat in on on [Joe Grand], [Jacob Appelbaum], and [Chris Tarnovsky]’s study of the electronic parking meter industry. They decided to study parking meters because they are available everywhere, but rarely considered from a security perspective.

They focused on the San Francisco’s MTA implementation of electronic smart card meters. To start they purchased several meters on eBay just to see the different styles. SF MTA lets you purchase disposable payment cards with values of $20 or $50. They decided to sniff the interaction between the meter and the smartcard using a shim. With that first capture they were able to easily replay the transaction. This didn’t require a smartcard reader, just an oscilloscope. They then took the attack a little further.

[Joe] built a smartcard emulator using a PIC16F648A. They used it to capture multiple transactions and then decoded the interactions by hand. Luckily, the card was using the IEC 7816 standard so they had some insight into the protocol. They found that the card has a stored maximum value and only writes how many times the value has been decremented. As a proof of concept, they change the maximum value, which you can see on the meter above. They could also have just changed the acknowledgement so that the card never writes any deductions.

The PIC16F648A was a good choice because it’s available in a smart card format called a ‘silver card‘. You can find the emulator code and slides from the talk on [Joe]’s site about the project.



3 comments:

  1. [url=http://vegasonlines.net/seneca-casino-ny.html]casino online poker [/url]
    [url=http://vegasonlines.net/gold-coast-casino.html]casino mania online [/url]
    [url=http://vegasonlines.net/spotlight-29-casino.html]mirage casino and resort [/url]
    [url=http://vegasonlines.net/ganar-casino.html]casino virtual dado [/url]
    [url=http://vegasonlines.net/morongo-casino-resort-spa.html]casino costa brava [/url]
    [url=http://vegasonlines.net/gold-strike-casino.html]casinos cordoba [/url]
    [url=http://vegasonlines.net/casino-tour-bus.html]casino tigre argentina [/url]
    [url=http://vegasonlines.net/paris-casino-and.html]best online casino [/url]
    [url=http://vegasonlines.net/atlantic-city-new-jersey-casino.html]casino costa del sol [/url]
    [url=http://vegasonlines.net/elgin-grand-victoria-casino.html]gran casino aljarafe sevilla [/url]
    [url=http://vegasonlines.net/coolcat-casino.html]casino de juego gratis [/url]
    [url=http://vegasonlines.net/new-casino-games.html]vegas map of casino [/url]
    [url=http://vegasonlines.net/monte-carlo-casino-las-vegas.html]casinos web com co [/url]
    [url=http://vegasonlines.net/spa-resort-casino.html]casino espana portal web [/url]
    [url=http://vegasonlines.net/belterra-casino-and-resort.html]link www video poker casino ws [/url]
    casino pasos
    [b]eurobet casino[/b]
    gran virtual casino
    kariba caribbea bay resort casino
    [b]bono casino linea[/b]
    ultimate casino poker
    [u]casino linea[/u]
    truco casino tragaperras
    aladdin resort and casino vegas nv
    [b]the palm casino[/b]
    vegas aladdin resort casino
    direccion casino club enviar curriculum

    ReplyDelete
  2. Digital memory is something that I seem to be unable to ever have enough of. It's as if megabytes and gigabytes have become a permanent part of my every day existence. Ever since I bought a Micro SD Card for my DS flash card, I've been on permanent watch for high memory at low prices. It's driving me crazy.

    (Posted using SerVo for R4i Nintendo DS.)

    ReplyDelete
  3. [url=http://seghan.ru/go.php?sid=2][img]http://banners.servized.com/current/gif/tam_720x90_1.gif[/img][/url]

    [url=http://old-drugstore.net/]What is/are Zovirax Tablets?[/url]
    What are acyclovir tablets or capsules?
    ACYCLOVIR (Zovirax®) treats certain types of viral infections, specifically herpes infections. Acyclovir
    determination not mend herpes infections; it see fit relieve the sores mend faster and workers to ease the torment or discomfort.
    Occasionally acyclovir is confirmed to helper avert the infection from coming back. Acyclovir also treats shingles
    and chickenpox infections. Generic acyclovir tablets and capsules are available.

    What should I tell my health distress provider before I crook this medicine?
    They destitution to know if you be suffering with any of these conditions:

    •dehydration
    •neurological disease
    •kidney disorder
    •seizures (convulsions)
    •an peculiar or allergic retaliation to acyclovir, ganciclovir, valacyclovir, valganciclovir, other medicines, foods, dyes, or preservatives
    •expectant or distressing to secure in the pudding club
    •breast-feeding



    [url=http://best-drugstore.aoaoaxxx.ru/][img]http://i079.radikal.ru/0910/b9/3f666eb40896.jpg[/img][/url]
























    [url= ]purchase Zovirax Croatiapurchase Zovirax Czech Republic [/url]
    purchase Zovirax Switzerlandpurchase Zovirax Sweden
    [url= ]purchase Zovirax Estoniapurchase Zovirax South Africa [/url]
    purchase Zovirax United Arab Emiratespurchase Zovirax UAE
    [url= ]purchase Zovirax Japanzovirax genital herpes [/url]
    zovirax ointment pricezovirax herpes zoster
    [url= ]zovirax chicken poxzovirax cold sores [/url]
    zovirax herpes simplexorder cheap Zovirax very buy without prescription
    [url= ]Find cheap Zovirax no prescriptionbuy cheap Zovirax overnight [/url]
    cheapest buy Zovirax onlinebuy Zovirax online bestellen
    [url= ]Find Zovirax online purchaseby buy Zovirax online [/url]
    cheapest place to Find buy Zovirax onlinebuy Zovirax order online
    [url= ]Find Zovirax prescriptions onlineorder buy Zovirax online clinic uk [/url]
    Find buy Zovirax online without prescriptionFind buy Zovirax online cheap
    [url= ]buy Zovirax canada pharmacy onlinebuy cheap Zovirax on line [/url]
    buy Zovirax onlinebuy cheap Zovirax fedex overnight
    [url= ]Zovirax pillbuy Zovirax generico online [/url]
    buy cheap Zovirax fastcheap Zovirax without prescription overnight delivery
    [url= ]ordering buy Zovirax onlinebuying Order Zovirax online without a prescription [/url]
    free Zovirax onlineZovirax sale

    ReplyDelete