How to hack a Parking Management System and why?

The security researcher Jose Guasch revealed that dozens of “smart” parking management systems worldwide could be easily hacked.

Everything is always online is inevitably exposed to the risk of cyber attacks, the security researcher Jose Guasch at the hacking conference Hack In The Box has explained that dozens of “smart” Parking Management System worldwide could be easily hacked.

Guasch explained that a number of parking management systems and associated technologies in Europe and Australia are easy to hack. Hackers like Guasch can gain control of such family of systems due to the lack of security by design, and could steal information they manage, including customers’ credit card data.

The Spanish researcher discovered several vulnerabilities in the parking management system he analyzed. One of them is a publicly accessible folder that contains system backups. Anyone that is able to gain access to the parking management system could control every device it includes, such as the Closed-circuit television (CCTV) cameras, parking’s barriers, and payment stations, cashier computers and even the cameras.

Let’s think of the possibility to compromise the payment system with a malware in order to steal credit card data to resell in the underground.

Guasch explained that “Anybody can hack into this,” kind of system, for profit or to spy on parking customers and workers. As usual happen for any devices belonging to the Internet of Things, it is sufficient to query Shodan search engine to rapidly gather information on Parking management systems worldwide.

“Once inside, a hacker has full control of every device in the system.” said Guasch

Guasch hasn’t disclosed the name of the company that provides vulnerable parking management systems to avoid that someone could exploit security issues to hack them. The experts also revealed to have tried to alert the company without success, for this reason, he reported the situation to the Spanish police “Guardia Civil.”

The security expert speculates that parking management system from other vendors could be hacked with similar simplicity.

“I just want people from other parking systems to pay attention,” Added Guasch “I suspect many people don’t realize this is connected to the internet.”

To protect a parking management system, and more in general, to secure any device exposed online, it is necessary to change factory settings and protect the device with defense systems like firewalls

Let me suggest you to give a look to the Download Presentation Materials published by the researcher.

Pierluigi Paganini

(Security Affairs –  Parking Management System, hacking)