How to hack a Parking Management System and why?

The security researcher Jose Guasch revealed that dozens of “smart” parking management systems worldwide could be easily hacked.

Everything is always online is inevitably exposed to the risk of cyber attacks, the security researcher Jose Guasch at the hacking conference Hack In The Box has explained that dozens of “smart” Parking Management System worldwide could be easily hacked.

Guasch explained that a number of parking management systems and associated technologies in Europe and Australia are easy to hack. Hackers like Guasch can gain control of such family of systems due to the lack of security by design, and could steal information they manage, including customers’ credit card data.

The Spanish researcher discovered several vulnerabilities in the parking management system he analyzed. One of them is a publicly accessible folder that contains system backups. Anyone that is able to gain access to the parking management system could control every device it includes, such as the Closed-circuit television (CCTV) cameras, parking’s barriers, and payment stations, cashier computers and even the cameras.

Let’s think of the possibility to compromise the payment system with a malware in order to steal credit card data to resell in the underground.

Guasch explained that “Anybody can hack into this,” kind of system, for profit or to spy on parking customers and workers. As usual happen for any devices belonging to the Internet of Things, it is sufficient to query Shodan search engine to rapidly gather information on Parking management systems worldwide.

“Once inside, a hacker has full control of every device in the system.” said Guasch

Guasch hasn’t disclosed the name of the company that provides vulnerable parking management systems to avoid that someone could exploit security issues to hack them. The experts also revealed to have tried to alert the company without success, for this reason, he reported the situation to the Spanish police “Guardia Civil.”

The security expert speculates that parking management system from other vendors could be hacked with similar simplicity.

“I just want people from other parking systems to pay attention,” Added Guasch “I suspect many people don’t realize this is connected to the internet.”

To protect a parking management system, and more in general, to secure any device exposed online, it is necessary to change factory settings and protect the device with defense systems like firewalls

Let me suggest you to give a look to the Download Presentation Materials published by the researcher.

Pierluigi Paganini

(Security Affairs – Parking Management System, hacking)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.