the wrong way to beat a speed camera

June 28, 2010

Last time we talked about somewhat improbable traffic violations, I wondered if you could get a traffic ticket for teleporting your way around a traffic jam and then argue your way out of it. But there is another possible use for technology in getting out of legal trouble if it works, or landing yourself in serious hot water if it doesn’t. And even more interestingly, it doesn’t require any sort of futuristic machinery to pull off. All you need is to know the basics of an SQL command, and you might just beat those automatic speed cameras without having to resort to rocket cars. And while you might not be able to stop them from taking a picture of your speeding, how could the camera’s operators send you a ticket if they can’t find an entry for your violation? That’s the thought behind a concept known as the SQL injection plate, a license place with a script telling the computer recording your offense to erase the record it just made, if not entirely deleting its database tables, or the database itself.

Would this little trick work? Well, it sounds better on paper than in reality because if you don’t know the names of the tables where your entry is stored, an optical character recognition system wouldn’t accept the command as valid. Plus, since these hacks aren’t exactly unknown, a programmer can easily disable these attempts by telling the system to look for SQL scripts in images and discard them as invalid input. Or more probably, mail the photos to a police department which might not take this lightly and very sternly warn you not to do this sort of thing again in the form of a citation or a rather strongly worded letter. But of course this is assuming that the camera’s operators are even using some sort of OCR system. Depending on the quality of the pictures taken by their cameras, it may be far cheaper and more efficient to leave this work to people who could have a laugh and attach the snapshot to the ticket to be sent in the mail. Again, neat idea, but the execution is a lot tougher than an aspiring traffic camera hacker might want it to be.

So what can you do if you can’t trick the speed camera into giving you a free pass? Annoyingly enough, it’s not very hard to use the impartial lens and its often less than caring operators as a means for a scam. Just a tad over a year ago, teens in Maryland supposedly printed fake license plates and then intentionally sped through intersections monitored by speed cameras, and by using the numbers of teachers or other students, they saddled those they didn’t like with traffic tickets requiring at least some time and effort to sort out. Though a few of their victims probably paid the fines because they thought they had no chance to dispute their wrongful punishment, I would be surprised if quite a few of these tickets didn’t get dismissed if those pranked drove a different car and could easily prove it in traffic court. The extent of the prank is hard to pin down because many of the story’s details come from an unnamed parent who stated that he was extremely opposed to the use of speed cameras in general, hence the use of the qualifier supposedly instead of using the story as a fact.

But then again, the mechanics of this prank seem perfectly plausible when we consider that speed cameras don’t necessarily snap the greatest quality pictures, meaning that a well printed fake license plate glued over its perfectly valid counterpart would be very hard to notice, even on a decent image. So the next time you find a ticket in the mail, claiminging that camera caught you running a red light or speeding, take a close look at the image and make sure it really does present a strong case. If you see another car racing past you in the shot, or something looks amiss, take it to court. Machines make mistakes, and they do it all too often, since fallible and error-prone humans are usually the ones calibrating them…

Share
  • http://www.trevor-reid.com TrevorReid

    It is a good exercise to be thinking critically about any system from a physical and information security view. Good laughs too.

    In Florida the pictures must be reviewed by an officer who issues the citation. Since the officer is reading the plate and entering on the citation just as in a routine vehicle stop a injection attack won’t have much success—-unless the cops brain is running SQL. Imagine the fun you could have in that case…

    https://www.facebook.com/group.php?gid=115842465116943

  • Paul

    “Depending on the quality of the pictures taken by their cameras, it may be far cheaper and more efficient to leave this work to people who could have a laugh and attach the snapshot to the ticket to be sent in the mail.”

    Of course, but then since your address is 1337 High’); DROP TABLE Street’– , you might get away with that one as well.

  • Paul

    Woops, that should have ended with a semi and two dashes. Not sure what happened. Does my brain run SQL?