[Noisebridge-discuss] Report from Black Hat and Defcon about a new Noisebridge/L0pht/FlyLogic project

Martin Bogomolni martinbogo at gmail.com
Mon Aug 3 21:44:19 UTC 2009


Jake, that was a fantastic talk.  Kudos to you and Joe, and Chris on
an awesome exposition.

-Martin

On Sat, Aug 1, 2009 at 8:09 PM, Kurt Grutzmacher<grutz at jingojango.net> wrote:
> Congratulations on another successful talk, Jake! Work like this is very
> important and I'm glad it's released publicly instead of sat on by vendors
> while they play the risk vs. reward of making any changes to their obviously
> faulty systems. Inevitably they make no changes.
> BTW has Kinkos done anything since Strom did the same thing to them a few
> years back?
> --
> Kurt Grutzmacher -=- grutz at jingojango.net
>
>
> On Sat, Aug 1, 2009 at 4:41 PM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
>>
>> Hi,
>>
>> I'm happy to report that Joe Grand, Chris Tarnovsky and I successfully
>> gave our talk at Black Hat about Smart Parking meters. We purchased
>> various parking meters on eBay, we did some various hardware probing and
>> we decided to perform a case study. We had some pretty good feedback
>> from the results! Early today Joe and I gave our talk again at Defcon
>> 17. A lot of Noisebridge people came out and we packed the room at both
>> conferences. Thanks to those that came!
>>
>> One of our goals was to discuss general "smart" parking meter issues and
>> to show how this is an industry wide problem. Furthermore, we wanted to
>> show that specific machines are far from perfect. You should be able to
>> dispute tickets, these things are a joke; they're designed to withstand
>> attacks by vandals with metal foil, not anyone targeting the system. The
>> city and its people should very strongly reconsider their desire to
>> install over 300,000 meters into every corner of our city.
>>
>> To be explicit (so please don't ask for secret codes):
>> We had no intention of defrauding the SF meter system and so we've
>> sanitized the emulator that we've released. It's basically just a
>> partial ISO7816 smart card emulator. Nothing too special!
>>
>> Our specific case study was covering the San Francisco parking meters.
>>
>> We decapped the two different kinds of payment smart cards and imaged
>> them:
>> http://crypto.nsa.org/f-21/silicon-die-analysis-slide-shot.png
>>
>> We were able to successfully breach the smart card payment system. We
>> did so by treating it as a simple black box - we didn't require a meter
>> and we simply had to intercept the communications between the card and
>> the meter. It only took three days to reverse and emulate everything.
>> The emulator is loadable onto a normal silver card. Here's the money shot:
>> http://crypto.nsa.org/f-21/parking-meter-ffffff.png
>>
>> Here's two quick write ups about the talks:
>> http://ioerror.livejournal.com/511553.html
>> http://www.grandideastudio.com/portfolio/smart-parking-meters/
>>
>> Here's our slides:
>>
>> http://grandideastudio.com/wp-content/uploads/smart-parking-meter-slides.pdf
>>
>> Here's our emulator code:
>>
>> http://grandideastudio.com/wp-content/uploads/smart-parking-meter-sanitized-src.zip
>>
>> Best,
>> Jake
>> _______________________________________________
>> Noisebridge-discuss mailing list
>> Noisebridge-discuss at lists.noisebridge.net
>> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss


