Joe Grand, the director of Grand Idea Studio, told his audience at Black Hat that it took just three days to create a smart payment card that allows its holder to park for free at the city's parking meters.
The problem, he said, is that the meters have no way of knowing whether a card is genuine or a fake, so a smart card that simply 'plays' out the data the meter interrogates it for fools the machine into thinking it has a valid card inserted.
In this way, he explained, the fake card can then be used to pay at all 23 000 meters across San Francisco.
Grand's methodology in creating the fake card is interesting, Infosecurity notes, as he appears to have created a card that, when interrogated, tells the reader it has a balance of $999.99 - the maximum possible on the card system.
Grand said that, in order to work out how to circumvent the payment card system, he wired a portable oscilloscope to a parking meter and monitored what signals were generated when he used a genuine card.
By working through the data signals manually, he worked out what signals the meter was expecting and created a computer program to emulate the smart card chipset - and respond accordingly.
Once he calculated the correct responses to the interrogative requests from the meter, he was able to program a smart card that simply played back the required data responses.
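The weakness described above, a reader that trusts whatever answers a card plays back, is shown below next to a reader that issues a fresh challenge. This is an added example, not code from Grand's talk or from the meter vendor; the message format, key, balance value and all class and function names are constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed toy protocol and values; not the real meter or card command set.
CARD_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # hypothetical shared key
BALANCE = b"BAL=00500"                                        # hypothetical balance field

def mac(key, nonce, balance):
    return hmac.new(key, nonce + balance, hashlib.sha256).digest()

class GenuineCard:
    def __init__(self, key, balance):
        self.key, self.balance = key, balance
    def read_balance(self):
        return self.balance
    def authenticate(self, nonce):
        # Proves knowledge of the key over this session's nonce and the balance.
        return mac(self.key, nonce, self.balance)

class ReplayCard:
    """Emulator holding only bytes seen in one recorded session; it has no key."""
    def __init__(self, recorded_balance, recorded_tag):
        self.balance, self.tag = recorded_balance, recorded_tag
    def read_balance(self):
        return self.balance
    def authenticate(self, nonce):
        return self.tag  # can only repeat the old answer, whatever the nonce is

def record_session(card):
    """What a passive observer of one genuine transaction would capture."""
    nonce = secrets.token_bytes(16)
    return card.read_balance(), card.authenticate(nonce)

def static_meter_accepts(card):
    # Weak check: any well-formed balance answer is trusted.
    reply = card.read_balance()
    return reply.startswith(b"BAL=") and reply[4:].isdigit()

def challenge_meter_accepts(card, key):
    # Fresh nonce per session, so a recorded tag no longer matches.
    nonce = secrets.token_bytes(16)
    expected = mac(key, nonce, card.read_balance())
    return hmac.compare_digest(card.authenticate(nonce), expected)

genuine = GenuineCard(CARD_KEY, BALANCE)
replay = ReplayCard(*record_session(genuine))
```

Because the tag covers both the nonce and the balance field, the challenge-based reader rejects a replayed session and also any balance that was altered after recording.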
According to the security researcher, the meters used in San Francisco are Mackay Guardian XLE units, which are fitted with a secure access module (SAM) from a third-party financial institution.
Because of this, he said it is unlikely that his hack would work in different cities across the USA that are also rolling out smart card-driven parking meters.