Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

How to hack a Parking Management System and why?

The security researcher Jose Guasch revealed that dozens of “smart” parking management systems worldwide could be easily hacked. Everything is always online is inevitably exposed to the risk of cyber attacks, the security researcher Jose Guasch at the hacking conference Hack In The Box has explained that dozens of “smart” Parking Management System worldwide could be easily hacked. Guasch explained that […]

How to hack a Parking Management System and why?

The security researcher Jose Guasch revealed that dozens of “smart” parking management systems worldwide could be easily hacked.

Everything is always online is inevitably exposed to the risk of cyber attacks, the security researcher Jose Guasch at the hacking conference Hack In The Box has explained that dozens of “smart” Parking Management System worldwide could be easily hacked.

Guasch explained that a number of parking management systems and associated technologies in Europe and Australia are easy to hack. Hackers like Guasch can gain control of such family of systems due to the lack of security by design, and could steal information they manage, including customers’ credit card data.

The Spanish researcher discovered several vulnerabilities in the parking management system he analyzed. One of them is a publicly accessible folder that contains system backups. Anyone that is able to gain access to the parking management system could control every device it includes, such as the Closed-circuit television (CCTV) cameras, parking’s barriers, and payment stations, cashier computers and even the cameras.

Let’s think of the possibility to compromise the payment system with a malware in order to steal credit card data to resell in the underground.

Guasch explained that “Anybody can hack into this,” kind of system, for profit or to spy on parking customers and workers. As usual happen for any devices belonging to the Internet of Things, it is sufficient to query Shodan search engine to rapidly gather information on Parking management systems worldwide.

“Once inside, a hacker has full control of every device in the system.” said Guasch

parking management systems

Guasch hasn’t disclosed the name of the company that provides vulnerable parking management systems to avoid that someone could exploit security issues to hack them. The experts also revealed to have tried to alert the company without success, for this reason, he reported the situation to the Spanish police “Guardia Civil.”

The security expert speculates that parking management system from other vendors could be hacked with similar simplicity.

“I just want people from other parking systems to pay attention,” Added Guasch “I suspect many people don’t realize this is connected to the internet.”

To protect a parking management system, and more in general, to secure any device exposed online, it is necessary to change factory settings and protect the device with defense systems like firewalls

Let me suggest you to give a look to the Download Presentation Materials published by the researcher.

Pierluigi Paganini

(Security Affairs –  Parking Management System, hacking)