The Case of the Two Coupons
by GadgetGizmodo
Valet parking has always fascinated me. You drive into a hotel or restaurant, hand your car keys to a complete stranger who parks your car in exchange for a coupon and brings it back to you when you are ready. He hands you one coupon, and the other gets stubbed with your car key and stored in valet âcentralâ. And just to try and make the system a bit more foolproof, some might even note down the license plate number of the car on both coupons. But all in all, how incredibly convenient.
And this was still convenient until a valet pulled up with the wrong car. So I shook my head and said thatâs not my vehicle. In his shock, the valet gave my copy of the coupon, which was in his hand, a look and said that the license plates match. The problem was the license plate did match, but only one part of the alpha-numeric identifier. So letâs say my car license plate was HRT745; the 745 matched, which was the only parameter that the valet had used to compare the coupons, and brought the wrong car out to me.
So this highlights a grave vulnerability in this manual system that the valet parking chaps have running and hereâs one of my nightmares catching upto me: there are only two coupons in this transaction; one for the car owner and the second for the valet central. When youâre ready to go, you hand your coupon over to the valet, who runs off with it leaving you empty-handed. When he returns with the car and calls out to the person who the car may belong to. The same person who, as dictated by Murphyâs Law, will never be within earshot, will probably not hear those calls.
In this scenario, can someone please explain to me what the guarantee is that the valet will actually be turning the car over to the owner of the car, and not just someone random walking out of the crowd of people waiting for their vehicles? Whereâs the final identification check or authentication?
Security in general is about identifying vulnerabilities and assessing risk. The manual system we function in is so vulnerable, I doubt many people give it too much thought. So whatâs the patch for this vulnerability?
Powered By WizardRSS.com | Full Text RSS Feed | Amazon Plugin | Settlement Statement | WordPress Tutorials
0 comments:
Leave a Comment