How Evil Hackers Can Cause Chaos At Horribly Vulnerable Car Parks

There’s been growing interest in car hacking in recent years, inspired by researchers showing off exploits in real vehicles, tinkering with Teslas, and uncovering glaring vulnerabilities in third party kit. But criminal hackers could vex drivers in other ways, such as compromising internet-connected, easily hackable parking management systems, according to Spanish researcher Jose Guasch. At the Hack In The Box security conference in Amsterdam later this month, he will present some shocking weaknesses in as yet unnamed parking software, which he claims could be abused to take control of car parks, including their physical barriers and displays, or steal driver credit card data and personal details, or acquire free parking spaces.

It’s been a strange labor of love for Guasch, technical coordinator of the Tiger Team at Spanish consulting firm SIA Group and an editor at SecurityByDefault.com, who has been looking into the security of car park software since 2013. When he came across the gaping security holes in the vendor software in June 2014, he contacted the Spanish branch, but to no avail. Further attempts to warn the provider in February 2015 also elicited no response. That’s despite his warnings he could access credit card data from compromising the software’s remote access tool, just by searching the tickets folder. But he still won’t name the developers responsible.