QR code insanity
-
In rural parts of the Southern United States it's pronounced Tayter. Actually, my Maw-Maw (father's mother) said Eyersh Tayters (Irish Potatoes, a russet or the like). The other kind were Sweet Tayters. We also have ink pens and straight pins because because pen and pin is pronounced pea-yen.
I’ve given up trying to be calm. However, I am open to feeling slightly less agitated. I’m begging you for the benefit of everyone, don’t be STUPID.
-
Over here they have all switched to ANPR. And in some places you also need a parking app on your mobile phone in order to pay.
The app is the key to hackers not being able to “easily” hack the QR code. The QR code has to match inside the app or else it doesn’t work. That’s why I thumbed up your message — not necessarily because QR codes are the best way to solve his problem. But, at least, the hacker cannot just replace the QR code and take payment. Although I guess, the hacker could replace the QR code and the unwitting victim who doesn’t know you need the app could just pay directly to the hacker so that may be a point too. Hmmm.. interesting.
-
Over here they have all switched to ANPR. And in some places you also need a parking app on your mobile phone in order to pay.
Here in Norway, toll road booths are history: If you do not have an car ID chip glued to your windshield (or they have problems reading it), they use ANPR. Same for most ferries: Car ID chip if you have got it, otherwise ANPR. Automatic speed ticketing has been using ANPR since the day of dawn. For a number of years, foreign cars could do as they like - park anywhere. drive at any speed, drive on toll roads ... Ferries were the last to go to ANPR. At that time, international coordination had come so far that you would find a bill in your mailbox when returning home. If you haven't already got an ID chip in your car (of the standard used in Europe), you can get one at the customs office at the national border, and tell which account to charge for all parking, toll roads, ferries etc., and you don't have to worry about it. Some indoor parking houses have been using ANPR for many years. After I scrapped my old car, 6 years ago, I received a dozen of tickets from one parking house 500 km from here, for having driven off without paying. Before scrapping the car, I tried to sell it through a web site, presenting photos with the number plates visible. Obviously, someone had figured that with a felt tip pen, they could change their registration plates to resemble my number, and the arguments would be between the buyer of my car and me. I found no buyer, and scrapped the car. Only with the formal documents showing that the car had been demolished days and weeks before even the first parking ticket, did I avoid going to court for not paying my debts. The only bad thing is that you are tracked 'all the time', anywhere any service finds a reason to read your car's ID chip or number plate. That is almost everywhere, especially around big towns and along big highways, with a lot of toll stations. I don't like being tracked and monitored everywhere; it gives me a feeling of Big Brother. Maybe even scarier is if you can persuade young people to actually read 1984, and they fail to see the point, 'Yes, they knew where Winston was at any time, and what he was doing. What's the real problem? We do that all the time!'
-
The app is the key to hackers not being able to “easily” hack the QR code. The QR code has to match inside the app or else it doesn’t work. That’s why I thumbed up your message — not necessarily because QR codes are the best way to solve his problem. But, at least, the hacker cannot just replace the QR code and take payment. Although I guess, the hacker could replace the QR code and the unwitting victim who doesn’t know you need the app could just pay directly to the hacker so that may be a point too. Hmmm.. interesting.
The QR code itself, at the physical level, is just an encoding of a bit stream, length given by the size (in b/w squares) of the code. Go up one (or two) levels, and first bits are a tag indicating the meaning, or semantics, of the rest of the bit stream. It doesn't have to be a URL, but that is what most people have seen it as. If it really is a URL (which is quite likely) to a web service for the user to transfer money from his bank account to the parking service, replacing it with a URL to another web service for the user to transfer money from his bank account to someone else's bank account is not that difficult. As long as you need to establish some contractual agreement with the parking lot before parking there, you can in theory have a white list of money recipients, to prevent this kind of fraud - but it doesn't work in practice: There will be lots of parking lots where you do not have any prior agreement, so you have to accept the web service that comes up when you go to the QR supplied URL. There is no easy way for you to know whether it is real or fake. In the metal days, you could be reasonably sure that the coins you dropped into the slot actually landed in the money box of the parking lot owner. Today you can't be that certain about the owner receiving the right bits. I sort of trust(ed) coins a lot more.
-
dandy72 wrote:
I have a phone. It's just never had a sim card put in it.
Isn't that what we call a "camera"? :-)
A camera, an MP3 player, a GPS, a PDA, a voice recorder, a note taker, a flashlight...add any number of apps that don't require a live internet connection (if out of wi-fi range)... A phone without the phone part is still a lot more useful than people give it credit for.
-
A camera, an MP3 player, a GPS, a PDA, a voice recorder, a note taker, a flashlight...add any number of apps that don't require a live internet connection (if out of wi-fi range)... A phone without the phone part is still a lot more useful than people give it credit for.
-
I guess that requires mobile phone coverage, supporting all the various standard of all potential customers. Maybe 100% geographical smartphone coverage is the top priority development goal of every country in the world, ahead of health care, decent and healthy food, education and housing. I read a claim a few days ago that 90% of all adults on earth own a smartphone. I am not sure that I believe that figure, but my impression is that less than 90% have decent health care, food, education and housing. Maybe having a smartphone will help them forget their uncovered needs. Having mobile technology available as an option is great, but I really dislike how we make ourselves (read: the entire world) totally dependent on it working flawlessly at any time, and is available to every one of us at any time. When I go out for a walk, or go downtown shopping, or whatever, I usually leave my smartphone at home. (Except when I go out with friends who take for granted that they can carry on a conversation with me through texting if the noise at the pub gets so loud that we have problems hearing each other across the table, so we use SMS for chatting :-))
-
Of course abuse of QR codes is obvious. QR codes can be phishing scams in disguise, warns the FTC - The Verge[^] But I encounter this real scenario.... Went to park at a downtown parking lot that I had not parked at for quite some time (pre-covid probably). Before there used to be credit card reader kiosk. Those have been around for a while. Now all there is is a sign, rather large one, with a message like 'Use the QR code to pay'. Then of course a QR code. It is trivially simple to print out a QR code and just cover up the real one. Not even sure in this case that replacing it would require more than just someone that was a bit taller than average. One could likely do that on quite a few lots in one night. It would be days or even weeks before anyone figured it out. Even if a diligent check of proceeds from one lot showed reduced revenue I bet figuring out why would take some time and one lot owner would probably just fix their own lots. And they would be unlikely to rescind tickets, handed out of course because the real QR code wasn't used, unless a government agency started getting involved. Perhaps not even then.
The parking garage at my doctors office is like that. Mobile Webapp to pay: enter license plate number, cell number, and credit card.(and maybe spot number?) Just drive out when you are done and you receive your receipt via SMS within a few seconds. No honor system, tow trucks are the enforcers.
-
In rural parts of the Southern United States it's pronounced Tayter. Actually, my Maw-Maw (father's mother) said Eyersh Tayters (Irish Potatoes, a russet or the like). The other kind were Sweet Tayters. We also have ink pens and straight pins because because pen and pin is pronounced pea-yen.
I’ve given up trying to be calm. However, I am open to feeling slightly less agitated. I’m begging you for the benefit of everyone, don’t be STUPID.
-
So this lot has an honor system for paying? No gate at the exit that requires some confirmation of payment (ex. a "paid" ticket be inserted / scanned)?
fgs1963 wrote:
So this lot has an honor system for paying
Correct. The surface level lots (versus buildings) in my experience almost all use a system like that. It does of course require a person to come around to check the lot at various times. They issue quite expensive tickets if the car has not paid.
-
There has to be more to it than that. Most car parks use ANPR, so the driver would need to connect his payment to the car's index plate in some way.
Richard MacCutchan wrote:
There has to be more to it than that
Here, they have people that check the lots on a periodic basis. How do I know this? Due to various reasons at different lots I came out to a ticket on the car. Why do that? The lots are surface level so would tend to be small. I have seen lots and parked in one with only about 10 parking slots. So buying and servicing the tech is probably not worth it. But could also be some regulatory control as well.
-
The app is the key to hackers not being able to “easily” hack the QR code. The QR code has to match inside the app or else it doesn’t work. That’s why I thumbed up your message — not necessarily because QR codes are the best way to solve his problem. But, at least, the hacker cannot just replace the QR code and take payment. Although I guess, the hacker could replace the QR code and the unwitting victim who doesn’t know you need the app could just pay directly to the hacker so that may be a point too. Hmmm.. interesting.
raddevus wrote:
The app is the key to hackers not being able to “easily” hack the QR code.
To be clear there is no "app" from the person using the parking lot. It is just a QR code. The one I saw did not even specify anything else. Not a lot number, not a company. And that part of the sign could have been replaced (covered up) with an additional sign also but with more difficultly since it was higher. For the QR code it is quite easy. They scan the QR. It goes to a site that looks like you can pay to park. Probably would not even need to specify the lot. And take a credit card. Or better an alternative payment form. The site is set up specifically for the scam. It can be legitimized by running a real service via it for some period of time (perhaps selling something trivial on ebay.)
-
lot of places use honor system. No need to maintain a gate that's always broken or a pay booth that never works. Street side parking with parking meters also work that way. You can take the chance that no one will come and check the meter, or just pay. we got stuck 30 minutes at an airport gate once with a long line of cars behind us waiting for the sole attendant to come in and fix the gate.
CI/CD = Continuous Impediment/Continuous Despair
Maximilien wrote:
You can take the chance that no one will come and check the meter, or just pay.
City where I am for a very long time there was not much checking. Then the city fired all of those that checked the meters. And replaced it with a private company. Which I am sure gets a cut of the collections. So now besides just a meter violation there are all sorts of miniscule laws (like how far you are parked from the curb) which get ticketed a lot more.
-
Of course abuse of QR codes is obvious. QR codes can be phishing scams in disguise, warns the FTC - The Verge[^] But I encounter this real scenario.... Went to park at a downtown parking lot that I had not parked at for quite some time (pre-covid probably). Before there used to be credit card reader kiosk. Those have been around for a while. Now all there is is a sign, rather large one, with a message like 'Use the QR code to pay'. Then of course a QR code. It is trivially simple to print out a QR code and just cover up the real one. Not even sure in this case that replacing it would require more than just someone that was a bit taller than average. One could likely do that on quite a few lots in one night. It would be days or even weeks before anyone figured it out. Even if a diligent check of proceeds from one lot showed reduced revenue I bet figuring out why would take some time and one lot owner would probably just fix their own lots. And they would be unlikely to rescind tickets, handed out of course because the real QR code wasn't used, unless a government agency started getting involved. Perhaps not even then.
-
Does there still exist a way to pay without the QR code? There's times when QR codes are helpful/useful but when that's the only option, that's a problem. There's an assumption that everyone has a smart-phone, and that's not true. There's a number of people that don't even own a cell-phone, never mind a smart phone. And that doesn't include the lost, forgotten, broken, or out of juice phones. And, as you point out, there's many ways that this could be abused. And if you and I can think of ways to abuse this, then you know that others with far fewer scruples are thinking about it, too.
"A little song, a little dance, a little seltzer down your pants" Chuckles the clown
k5054 wrote:
Does there still exist a way to pay without the QR code?
Not at that lot. And I did look. I have used several other lots in the downtown region recently and those still use a credit card reader. Only. Cash not allowed. One types in the license plate number then selects how long, then the credit card.
-
I guess that requires mobile phone coverage, supporting all the various standard of all potential customers. Maybe 100% geographical smartphone coverage is the top priority development goal of every country in the world, ahead of health care, decent and healthy food, education and housing. I read a claim a few days ago that 90% of all adults on earth own a smartphone. I am not sure that I believe that figure, but my impression is that less than 90% have decent health care, food, education and housing. Maybe having a smartphone will help them forget their uncovered needs. Having mobile technology available as an option is great, but I really dislike how we make ourselves (read: the entire world) totally dependent on it working flawlessly at any time, and is available to every one of us at any time. When I go out for a walk, or go downtown shopping, or whatever, I usually leave my smartphone at home. (Except when I go out with friends who take for granted that they can carry on a conversation with me through texting if the noise at the pub gets so loud that we have problems hearing each other across the table, so we use SMS for chatting :-))
trønderen wrote:
When I go out for a walk, or go downtown shopping, or whatever, I usually leave my smartphone at home.
Optimist? Myself I was an emergency contact for about 10 years which is why I first got a mobile. So it went everywhere with me. To a certain extent I still am. But now I also consider cases where perhaps I witness an accident or I fall and realize walking further is going to be a problem.
-
k5054 wrote:
Does there still exist a way to pay without the QR code?
Not at that lot. And I did look. I have used several other lots in the downtown region recently and those still use a credit card reader. Only. Cash not allowed. One types in the license plate number then selects how long, then the credit card.
-
Does there still exist a way to pay without the QR code? There's times when QR codes are helpful/useful but when that's the only option, that's a problem. There's an assumption that everyone has a smart-phone, and that's not true. There's a number of people that don't even own a cell-phone, never mind a smart phone. And that doesn't include the lost, forgotten, broken, or out of juice phones. And, as you point out, there's many ways that this could be abused. And if you and I can think of ways to abuse this, then you know that others with far fewer scruples are thinking about it, too.
"A little song, a little dance, a little seltzer down your pants" Chuckles the clown
Yes, when they assume that EVERYONE has a smartphone it is a big problem, as well as assuming that those who DO have smartphones know how to use QR codes. REQUIRING everyone to use a smartphone app is a huge burden on the elderly, even if they have smartphones.
-
Of course abuse of QR codes is obvious. QR codes can be phishing scams in disguise, warns the FTC - The Verge[^] But I encounter this real scenario.... Went to park at a downtown parking lot that I had not parked at for quite some time (pre-covid probably). Before there used to be credit card reader kiosk. Those have been around for a while. Now all there is is a sign, rather large one, with a message like 'Use the QR code to pay'. Then of course a QR code. It is trivially simple to print out a QR code and just cover up the real one. Not even sure in this case that replacing it would require more than just someone that was a bit taller than average. One could likely do that on quite a few lots in one night. It would be days or even weeks before anyone figured it out. Even if a diligent check of proceeds from one lot showed reduced revenue I bet figuring out why would take some time and one lot owner would probably just fix their own lots. And they would be unlikely to rescind tickets, handed out of course because the real QR code wasn't used, unless a government agency started getting involved. Perhaps not even then.
I never scan QR codes. Ever. During lockdown a lot of restaurants wanted customers to scan a QR code to view the menu, but I insisted that they hand me a printed menu, which they all did. I'm bad enough with reading restaurant menus that the idea of trying to do it on my phone was just not going to happen. It's not you, it's me.