A parking virus

I was in SFO short-term parking today and as I pulled up to get my ticket, I saw something interesting:
  • The ticket machine runs Windows.
  • It was running a virus scanner.
  • It was displaying a window indicating that it had detected a virus.

Regrettably I bungled my cell phone camera and was unable to get a photo.

Obviously, I'm unsurprised that these machines run Windows (though I wouldn't have been surprised with Linux or QNX). I'm a little surprised that they're networked since a lot of this kind of industrial automation tech was manufactured and installed before ubiquitous local networking command and control. However, given that they are running Windows and are networked, we shouldn't be surprised if they get infected. I guess the next question is: what could you do with a zombied parking ticket machine?


Perhaps it wasn't infected through a network; perhaps it was infected from an infected maintenance disk, the way things used to get infected in the Dark Ages.

In addition to the usual DDoS and spam you could launch assuming the thing is on a network, Zombie Parking Machines are the ideal way to reduce your monthly parking bill.

"Mmmmm... Parking Brains!!!"

No, you are right: the technology is inappropriate for the application.

Anti-virus is an example of what Marcus Ranum calls enumerating badness. It's a strategy that is not likely to work very well when there is vastly more badness than goodness.

The parking system has an exceptionally limited repertoire of programs. A system that only permits signed executables trusted by the system to run is going to be far more effective than any virus checker, particularly since there is a negligible chance that the parking lot is going to apply updates.

Windows Vista has some really interesting hooks for the AV system. It would be pretty easy to hook something of the sort up.

It is going to be some time till it would be feasible to run such a scheme on a consumer PC but it is certainly possible to deploy it on most servers.

You might find that you needed some sort of hardware support to ensure that the scheme worked. There are many application frameworks that have plug-ins these days. But it is certainly going to work much better.
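
The contrast drawn in the comment above, between enumerating badness and running only trusted executables, as an added example that is not part of the original post or its comments. The sample byte strings, the key and every function name are constructed for illustration, and HMAC-SHA256 over a manifest of hashes stands in for a real code-signing check.

```python
import hashlib
import hmac
import json

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample "executables" (byte strings standing in for files on disk).
TICKET_APP = b"ticket-dispenser v1"
GATE_APP = b"gate-controller v1"
KNOWN_WORM = b"worm sample the AV vendor has seen"
NEW_WORM = b"worm variant released this morning"

# Enumerating badness: block only what is on a list of known-bad hashes.
AV_SIGNATURES = {sha256(KNOWN_WORM)}

def av_permits(binary: bytes) -> bool:
    return sha256(binary) not in AV_SIGNATURES

# Enumerating goodness: a manifest of approved hashes, authenticated with a key.
# Assumption: HMAC-SHA256 stands in for a real code-signing signature check.
MANIFEST_KEY = b"constructed-demo-key"

def sign_manifest(hashes: list[str], key: bytes) -> tuple[bytes, str]:
    body = json.dumps(sorted(hashes)).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()

def load_manifest(body: bytes, tag: str, key: bytes) -> frozenset[str]:
    # Refuse a manifest whose tag does not verify, so the list cannot be edited.
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("manifest authentication failed")
    return frozenset(json.loads(body))

def allowlist_permits(binary: bytes, approved: frozenset[str]) -> bool:
    # Default deny: anything not explicitly approved does not run.
    return sha256(binary) in approved

def compare() -> dict[str, tuple[bool, bool]]:
    body, tag = sign_manifest([sha256(TICKET_APP), sha256(GATE_APP)], MANIFEST_KEY)
    approved = load_manifest(body, tag, MANIFEST_KEY)
    samples = {"ticket_app": TICKET_APP, "gate_app": GATE_APP,
               "known_worm": KNOWN_WORM, "new_worm": NEW_WORM}
    # Each value is (AV permits?, allowlist permits?).
    return {name: (av_permits(b), allowlist_permits(b, approved))
            for name, b in samples.items()}

if __name__ == "__main__":
    for name, verdict in compare().items():
        print(f"{name:11} av={verdict[0]!s:5} allowlist={verdict[1]}")
```

The unseen variant is the case that separates the two approaches: the signature list lets it run, while the default-deny manifest refuses it without needing an update.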
