"Smart" Parking Meter Implementations, Globalism, and You (aka Meter Maids Eat Their Young)

Presented at DEF CON 17 (2009), Aug. 1, 2009, 10 a.m. (50 minutes)

Throughout the United States, cities are deploying "smart" electronic fare collection infrastructures that have been commonplace in European countries for many years. In 2003, San Francisco launched a $35 million pilot program to replace approximately 23,000 mechanical parking meters with electronic units that boasted tamper resistance, payment via smart card, auditing capabilities, and an estimated $30 million annually in fare collection revenue. Other major cities, including Atlanta, Boston, Chicago, Los Angeles, New York, Philadelphia, Portland, and San Diego, have made similar moves. In this session, we will present our evaluation of electronic parking meters, including smart card protocol analysis and emulation, silicon die analysis, and firmware reverse engineering, all of which aided in successful breaches.


  • Joe Grand / Kingpin as Joe "Kingpin" Grand
    Joe "Kingpin" Grand, also known as Kingpin, is an electrical engineer, hardware hacker, and longtime participant in the security community. He invents things for his company, Grand Idea Studio (www.grandideastudio.com) and has had the honor of designing the DEF CON badge for the past four years. Back in the day, he was a member of L0pht Heavy Industries and, more recently, a co-host of Prototype This, an engineering entertainment program on Discovery Channel. He's also the sole proprietor of Kingpin Empire (www.kingpinempire.com), a hacker-inspired project that gives back to the computer underground, technology, and health communities through charitable donations.
  • Chris Tarnovsky
    Chris Tarnovsky runs Flylogic Engineering, LLC and specializes in analysis of semiconductors from a security "how strong is it really" standpoint. Flylogic offers detailed reports on substrate attacks which define if a problem exists. If a problem is identified, we explain in a detailed report all aspects of how the attack was done, level of complexity and so on. This is something we believe is unique and allows the customer to then go back to the chip vendor armed with the knowledge to make them make it better (or possibly use a different part).
  • Jake Appelbaum
    Jake Appelbaum, also known as ioerror, hacks for pleasure and leisure across the globe. He currently has an interest in parking meters, magnetics and GSM telephones. Previously he's been interested in disk cryptography, memory forensics and MD5 as it applies to digital signatures. He's an ethics enthusiast, a former pornographer and proudly Vegan.