[Cyph0n]

Sure, but there are at least two other options that are essentially as secure, assuming the “remote attack” threat model:

1. Allow customers to download updates and flash over USB.

2. Boot device into a limited mode that allows signed updates. Certificate should be stored in secure memory.

[ethbro]

I don't deal with PCI personally, so $0.02, but we're talking retail or unattended devices here.

I.e. low wage, minimal training, not technically proficient users with unsupervised physical access to the machine

A machine through which a large amount of cash (virtual or otherwise) flows.

The criteria of (a) being updatable by a semi-technical customer & (b) being secure against technically malicious or socially engineered ignorance attacks seem challenging to simultaneously satisfy.

[NotSammyHagar]

allowing easy update over usb is its own thread model, lessened with only allowing signed updates. Like almost everything, it's likely these parking meters have terrible security design. the parking meter I use commonly is incredibly slow, every button push takes 1/2 a second to update the small lcd ui, I really wonder what it can be doing to be so slow. It's probably using multiple levels of interpolation to run a js program or something.