Gabrielle Poccia

Hacking meters

0

news@sfbg.com

Joe Grand and his accomplices, Jacob Appelbaum of Noisebridge and Chris Tarnovsky of Flylogic Engineering, have had their way with San Francisco’s new "smart" parking meters, hacking their way into the systems, exposing how easily they are manipulated, and sharing the entire experience with whoever would listen.

The three men, all highly skilled computer programmers, built a smart card capable of fooling San Francisco’s parking meter system into giving up that sweet parking space for free, and right in front of our eyes. "You can do pretty much anything on the streets. No one in San Francisco cares," Grand, who also goes by Kingpin and is head of Grand Idea Studios, told the Guardian.

The three men shared their account in a PowerPoint presentation at Black Hat Conference, a security conference held in Las Vegas last month. "We found out through the media," said Judson True, spokesperson for the San Francisco Municipal Transportation Agency, which administers the city’s parking system.

In three days the trio managed to create a device that could infiltrate the meter and then, using an oscilloscope (a device used to translate electronic signals into readable data), they recorded the communication between the meter and card.

Grand was then able to analyze the communication and, by adjusting it, created a new card with a value of $999.99, the highest amount a meter can display.

San Francisco has spent $35 million to deploy 23,000 smart meters throughout the city and the hack was intended to get city officials to improve the system. "San Francisco has been grasping for straws for what to do with metered parking. We wanted to enlighten people to the potential problems," Grand told us.

Since the news about their findings has gone public, Grand has met with SFMTA officials. "They were very responsive, more so than many other security groups. They seemed to be more concerned with vandalism and money being skimmed during collection than with high-tech attack. They wanted to understand the mindset of the people perpetrating these attacks. They were already looking for similar types of fraud."

To defend against fraud, the SFMTA monitors the audit logs of all the meters. If a card has been used more than its possible value (cards are sold in denominations of $20 and $50) then the city can block the card and these crimes are avoided. "We have not found any fraud," says True.

This smart meter technology is used in cities across the country. In Massachusetts, several MIT students were able to find ways to manipulate smart meters in Boston. Two of the three men who found the vulnerabilities in SF’s meters live in the city. "We’re San Francisco residents and we want our money to be used well. We need a secure system that will protect its citizens. A system that is at risk trickles down to the taxpayers."

SFMTA met with J.J. MacKay, the vendor of these meters. "It was the best system for the time and the price," says True. "They are huge improvements over the mechanical machines."

San Francisco is currently planning with MacKay about next-generation meters that will be capable of processing credit cards. "As long as the credit card’s info is processed right away and not stored, then there is no real chance of fraud," Grand said. But plans for purchasing such meters are far in the future, and no decisions have been made about which model will be used.
The plan to replace all the old meters with smart meters by early next year. The smart meters are a key element to the SFMTA’s SF Park pilot program, which uses market pricing and other tools to control parking demand (see "The Politics of Parking" cover package, July 1).
The hackers’ PowerPoint presentation’s "Final Conclusions" offered a couple of hints into their worldview. They began with "Systems need to be fully tested before deployment" and ended with "Consider a world without parking meters. Ride a bicycle!"

The algae solution

0

The San Francisco Bay may soon host a dramatic new environmental project that backers say could solve three problems at once: clean wastewater, remove carbon from the atmosphere, and produce biodiesel fuel. Yet it’s gotten remarkably little attention.

"For the most part, people are just ignoring me," says Jonathan Trent, a researcher at NASA Ames Research Center at Moffett Field, who is one of the driving forces behind the project.

The new technology Trent and his colleagues have created is called OMEGA (Off-shore Membrane Enclosures for Growing Algae). The idea is to grow large colonies of freshwater algae in what amounts to large plastic bags floating in the bay.

Wastewater from local sewage plants and carbon sequestered from power plants would provide food for the algae, which then produce oxygen and freshwater along with an oil that can be refined into fuel.

The OMEGAs are giant semi-permeable membranes; the design allows freshwater in but keeps saltwater out.

Using algae for biofuel isn’t new — there are a number of algae farms on land. But they require large amounts of real estate and fresh water and enough electricity to keep the water moving.

In this case, light from the sun provides the energy, and the motion of the waves stirs the algae around.

Trent is looking at ways to collect the freshwater that gets released by the OMEGAs — potentially another major breakthrough for a state desperately short of water.

Trent has shopped his project all over the world and many countries have showed interest, but he believes San Francisco is the perfect fit. "The people of San Francisco really have an enlightened attitude and are aware that something needs to be done to fix the problems we’ve created," he told us. "It’s a great place to demonstrate to the world that this is a feasible technology."

The OMEGA project still faces political hurdles. Trent recently survived an internal audit. And U.S. Rep. Bart Gordon (D-Tenn.) has been critical of federal spending for biofuel projects.

But the scientist isn’t discouraged. "Actually I’m glad we have been audited," he said. "I’ve been able to get attention and show that not only does our system not use water, it actually produces clean water."

On July 29 the project received approval for an $800,000 grant from the California Energy Commission. According to Trent, the approval for the grant was ready for approval months earlier, but Gov. Arnold Schwarzenegger wanted to put it on hold because of the budget crisis.

The CEC grant is coming just in time. A previous grant, from Google, was due to run out at the end of September. "We’re optimistic that if people see that the CEC has invested, maybe others will want to invest," Trent said. "But we need more than just financial resources — we need brain power as well. The next step is to find engineers to really make this a workable option."

Trent would like to get a working model up and running within the next 18 months and hopes to see a full-scale operation in place in five years.

San Francisco may be the first city to host OMEGA. San Francisco Public Utilities Commission staffers have met with Trent and are cautiously optimistic. "Although it is just at the preliminary stages of discussion, it doesn’t dampen our excitement about the project," said Tyrone Jue, spokesperson for the SFPUC. "We have to know what good we will get out of it and if it is feasible in this area."

Environmentalists caution that it’s far from a perfect solution to the planet’s problems. Sierra Club staffer John Rizzo notes that "biofuels themselves are not a good solution. It’s a good bridge, but they are still burned and create carbons that are bad for the planet." In the short term, however, it sure beats drilling for oil off the California coast.