|
Not sure I'd call that progress...
|
|
|
|
|
Nor me; there are plenty of people in the UK who cannot use car parks because of it.
|
|
|
|
|
The app is the key to hackers not being able to “easily” hack the QR code.
The QR code has to match inside the app or else it doesn’t work.
That’s why I thumbed up your message — not necessarily because QR codes are the best way to solve his problem.
But, at least, the hacker cannot just replace the QR code and take payment.
Although I guess, the hacker could replace the QR code and the unwitting victim who doesn’t know you need the app could just pay directly to the hacker so that may be a point too.
Hmmm.. interesting.
|
|
|
|
|
The QR code itself, at the physical level, is just an encoding of a bit stream, length given by the size (in b/w squares) of the code. Go up one (or two) levels, and first bits are a tag indicating the meaning, or semantics, of the rest of the bit stream. It doesn't have to be a URL, but that is what most people have seen it as.
If it really is a URL (which is quite likely) to a web service for the user to transfer money from his bank account to the parking service, replacing it with a URL to another web service for the user to transfer money from his bank account to someone else's bank account is not that difficult. As long as you need to establish some contractual agreement with the parking lot before parking there, you can in theory have a white list of money recipients, to prevent this kind of fraud - but it doesn't work in practice: There will be lots of parking lots where you do not have any prior agreement, so you have to accept the web service that comes up when you go to the QR supplied URL. There is no easy way for you to know whether it is real or fake.
In the metal days, you could be reasonably sure that the coins you dropped into the slot actually landed in the money box of the parking lot owner. Today you can't be that certain about the owner receiving the right bits. I sort of trust(ed) coins a lot more.
|
|
|
|
|
raddevus wrote: The app is the key to hackers not being able to “easily” hack the QR code.
To be clear there is no "app" from the person using the parking lot. It is just a QR code. The one I saw did not even specify anything else. Not a lot number, not a company. And that part of the sign could have been replaced (covered up) with an additional sign also but with more difficultly since it was higher.
For the QR code it is quite easy.
They scan the QR. It goes to a site that looks like you can pay to park. Probably would not even need to specify the lot. And take a credit card. Or better an alternative payment form.
The site is set up specifically for the scam. It can be legitimized by running a real service via it for some period of time (perhaps selling something trivial on ebay.)
|
|
|
|
|
Here in Norway, toll road booths are history: If you do not have an car ID chip glued to your windshield (or they have problems reading it), they use ANPR. Same for most ferries: Car ID chip if you have got it, otherwise ANPR. Automatic speed ticketing has been using ANPR since the day of dawn.
For a number of years, foreign cars could do as they like - park anywhere. drive at any speed, drive on toll roads ... Ferries were the last to go to ANPR. At that time, international coordination had come so far that you would find a bill in your mailbox when returning home. If you haven't already got an ID chip in your car (of the standard used in Europe), you can get one at the customs office at the national border, and tell which account to charge for all parking, toll roads, ferries etc., and you don't have to worry about it.
Some indoor parking houses have been using ANPR for many years. After I scrapped my old car, 6 years ago, I received a dozen of tickets from one parking house 500 km from here, for having driven off without paying. Before scrapping the car, I tried to sell it through a web site, presenting photos with the number plates visible. Obviously, someone had figured that with a felt tip pen, they could change their registration plates to resemble my number, and the arguments would be between the buyer of my car and me. I found no buyer, and scrapped the car. Only with the formal documents showing that the car had been demolished days and weeks before even the first parking ticket, did I avoid going to court for not paying my debts.
The only bad thing is that you are tracked 'all the time', anywhere any service finds a reason to read your car's ID chip or number plate. That is almost everywhere, especially around big towns and along big highways, with a lot of toll stations. I don't like being tracked and monitored everywhere; it gives me a feeling of Big Brother.
Maybe even scarier is if you can persuade young people to actually read 1984, and they fail to see the point, 'Yes, they knew where Winston was at any time, and what he was doing. What's the real problem? We do that all the time!'
|
|
|
|
|
Richard MacCutchan wrote: There has to be more to it than that
Here, they have people that check the lots on a periodic basis.
How do I know this? Due to various reasons at different lots I came out to a ticket on the car.
Why do that? The lots are surface level so would tend to be small. I have seen lots and parked in one with only about 10 parking slots. So buying and servicing the tech is probably not worth it.
But could also be some regulatory control as well.
|
|
|
|
|
lot of places use honor system.
No need to maintain a gate that's always broken or a pay booth that never works.
Street side parking with parking meters also work that way.
You can take the chance that no one will come and check the meter, or just pay.
we got stuck 30 minutes at an airport gate once with a long line of cars behind us waiting for the sole attendant to come in and fix the gate.
CI/CD = Continuous Impediment/Continuous Despair
|
|
|
|
|
Maximilien wrote: No need to maintain a gate that's always broken or a pay booth that never works. Instead they get to maintain an electronic payment system (that can be easily hacked) and automatic systems to scan license plates and issue tickets.
Poe-tay-toe vs. Puh-tah-toe.
|
|
|
|
|
In the English speaking world, it's Puh-tay-toe.
|
|
|
|
|
In rural parts of the Southern United States it's pronounced Tayter.
Actually, my Maw-Maw (father's mother) said Eyersh Tayters (Irish Potatoes, a russet or the like).
The other kind were Sweet Tayters.
We also have ink pens and straight pins because because pen and pin is pronounced pea-yen.
I’ve given up trying to be calm. However, I am open to feeling slightly less agitated.
I’m begging you for the benefit of everyone, don’t be STUPID.
|
|
|
|
|
It's so long that I lived in a part of the country were dialect was still common that I cannot recall any of the old words.
|
|
|
|
|
In my grandmother's dialect it was 'jørple', pronounced 'jur-pleh'.
Just like French: Pommes de terre. 'Jord' (the 'jør' part) means earth, soil. 'Eple' (the '*ple' part) means 'apple'.
|
|
|
|
|
Maximilien wrote: You can take the chance that no one will come and check the meter, or just pay.
City where I am for a very long time there was not much checking.
Then the city fired all of those that checked the meters. And replaced it with a private company. Which I am sure gets a cut of the collections. So now besides just a meter violation there are all sorts of miniscule laws (like how far you are parked from the curb) which get ticketed a lot more.
|
|
|
|
|
fgs1963 wrote: So this lot has an honor system for paying
Correct. The surface level lots (versus buildings) in my experience almost all use a system like that. It does of course require a person to come around to check the lot at various times. They issue quite expensive tickets if the car has not paid.
|
|
|
|
|
Does there still exist a way to pay without the QR code? There's times when QR codes are helpful/useful but when that's the only option, that's a problem. There's an assumption that everyone has a smart-phone, and that's not true. There's a number of people that don't even own a cell-phone, never mind a smart phone. And that doesn't include the lost, forgotten, broken, or out of juice phones.
And, as you point out, there's many ways that this could be abused. And if you and I can think of ways to abuse this, then you know that others with far fewer scruples are thinking about it, too.
"A little song, a little dance, a little seltzer down your pants"
Chuckles the clown
|
|
|
|
|
k5054 wrote: There's a number of people that don't even own a cell-phone, never mind a smart phone
I have a phone. It's just never had a sim card put in it.
Still great for "everything else".
|
|
|
|
|
dandy72 wrote: I have a phone. It's just never had a sim card put in it. Isn't that what we call a "camera"?
|
|
|
|
|
A camera, an MP3 player, a GPS, a PDA, a voice recorder, a note taker, a flashlight...add any number of apps that don't require a live internet connection (if out of wi-fi range)...
A phone without the phone part is still a lot more useful than people give it credit for.
|
|
|
|
|
I roamed internationally for a week like that. I had WIFI in the hotel, the office, and any restaurant.
I was off grid only when walking a block or two between those locations.
|
|
|
|
|
Nooo... never hotel or restaurant wifi... nooooo...
|
|
|
|
|
VPN's there for a reason.
|
|
|
|
|
My wife uses her brother's old iPhone for FaceTiming with him. It stays charged by her chair in the living room.
|
|
|
|
|
k5054 wrote: Does there still exist a way to pay without the QR code?
Not at that lot. And I did look.
I have used several other lots in the downtown region recently and those still use a credit card reader. Only. Cash not allowed.
One types in the license plate number then selects how long, then the credit card.
|
|
|
|
|
I'd be tempted to just add a few black marks on the QR code with a sharpie ...
"A little song, a little dance, a little seltzer down your pants"
Chuckles the clown
|
|
|
|