CommSec Track: Park This – Yet Another Parking Meter Talk


Ok, parking meters, they’ve been discussed, hacked, torn down, even had EEPROM data read off of them with the use of electron microscope and aid of neural-network image processing.  What makes my talk different?  The talk will cover the background of the manufacturer, some initial communications with them, and of course the hardware itself.  The hardware portion includes a tear down of a “smart” parking meter, as seen in San Francisco and many other US metropolitan cities, with mobile communications over cellular, NFC/RFID, and credit card reading capabilities.  Oh, they’re also “cloud” managed!  What could go wrong?

These meters are made by IPS Group Inc, not to be confused with The IPS Group, IPS Group, Group IPS, or IPS Group BV.  The company has been making “smart” solutions since 2002, is private, and has lots of venture backing.  IPS Group Inc is PCI Level 1 certified and don’t appear to employ a CSO.  I engaged them several months back to inquire about a bug bounty program in the event a researcher finds vulnerabilities.  They insisted I was clearly confusing them with another company.  I can’t imagine why.

The hardware unit I have been researching is meant to service a single parking space.  The meters are made in “San Diego”, as they state on their website, certainly not China, right?  After a tear down, I’ve noticed a few anomalies with the unit.  Mainly, the NFC/RFID has been disabled.  Or so I think.  I could use some assistance with investigating the “ninja” abilities here as I suspect it’s enabled but I don’t have the proper protocol to communicate.  I’ve also noticed, sadly, a bit late after I moved here, that this meter requires a CDMA cell tower.  Unfortunately we don’t have those in the NL and I have been pushed to dive into the world of femto cells.  Fortunately, I have friends in the US willing to help.  At the end of this deck, I’m reaching out to you, the audience, for some subject matter expertise and to those of a curious nature.

Location: CommSec Track Date: May 27, 2016 Time: 3:00 pm - 3:30 pm Paul Moreno