On CNET: Holiday Tech Guide 2009
BNET Business Network:
BNET
TechRepublic
ZDNet

December 22nd, 2008

Speed camera 'pimping' attack highlights public identity weaknesses

Posted by Adam O'Donnell @ 4:41 pm

Categories: Complex Attacks, Data theft, Punditocracy

Tags: Financial, Financial Transaction, Camera, Attack, Social Security, Financial Accounting, Security, Government, Finance, Adam O'Donnell

In a brilliant physical-world example of what happens when too much value is placed upon open identification systems for determining reputation, a group of high school students are setting off speeding enforcement cameras using fake license plates belonging to their enemies.

According to an article in the D.C. area Montgomery County Sentinel, high school students are generating photorealistic replicas of their enemies license plates, placing them on their vehicles, and blowing through speeding cameras. Obviously people who have been victimized by this attack are upset, but at least one anonymous individual hits the nail on the head:

“The practice of sending speeding tickets to faceless recipients without any type of verification is unwarranted and an exploitation of our rights.”

Using a publicly visible number rather than direct challenge and response verification as a means of identification for a financial transaction is a bad idea. Practically all of our purchases online are made via a semi-secret identifier that stays constant for years, and our accounts are protected by a combination of semi-secret lifelong identifiers, such as social security numbers and public information, like our home address.

We should all be demanding identification mechanisms that involve multifactor data for our electronic financial transactions, such as one-time password tokens. It may not be possible to create speed traps that use stronger authentication, but improving financial transactions is within reach.

Adam O'DonnellAdam J. O'Donnell, Ph.D. is an R&D engineer who has focused on computer security since 2000. He currently is the Director of Emerging Technologies at Cloudmark, a messaging security company located in San Francisco. See his full profile and disclosure of his industry affiliations.

Email Adam O'Donnell

Subscribe to Zero Day via Email alerts or RSS.

  • Talkback
  • Most Recent of 106 Talkback(s)
Nothing but a $$$$$$$$$$ generator for the state
These machines are not for "public safety" they don't even exist to enforce traffic laws, what they are is cash machines for the city. Not enough budget to put out enough cops so we'll catch every jo... (Read the rest)
Posted by: suemccartin Posted on: 01/22/09 You are currently: a Guest | | Terms of Use
Car Licence Plates  chromeronin | 12/22/08
Already done.  Letophoro | 12/22/08
Why stop there...  hasta la Vista, bah-bie | 12/23/08
If that happens, I'm screwed!  MGP2 | 12/23/08
Even better idea  Alan Smithie | 12/23/08
Enforcing the Law = Fascist?  davagain | 12/29/08
Enforcing the law? No. Methods used? Absolutely!  Dr. John | 12/29/08
Declare that it was not you  Newsom02 | 12/29/08
Here, you have to...  Dr. John | 12/29/08
yup  shadfurman | 12/31/08
You really are not that naive??  Timewellwasted | 12/29/08
in oregon  shadfurman | 12/31/08
AGREED  Timewellwasted | 12/31/08
One car rental used GPS to "fine" customers.  No_Ax_to_Grind | 12/23/08
what an idea.....  daMan25 | 12/23/08
Company caught - ordered to stop practice (2002)  TG2 | 12/24/08
Rental companies don't want...  davagain | 12/29/08
which car rental  dcdavy | 12/23/08
You pay "fines" just to use insecure software  fr0thy2 | 12/25/08
Different worlds  Timewellwasted | 12/29/08
Using GPS to fine customers.  ambilliot@... | 12/29/08
I'd say you've got a right to know about gps tracking  suemccartin | 01/22/09
inaccuate  shadfurman | 12/31/08
Transponder  Aesculapian | 12/25/08
excellent point  davagain | 12/29/08
How about no speed limits at all? Ok with some exceptions.  Newsom02 | 12/29/08
Just imobilise the car  Patanjali | 12/23/08
so old school my friend  ttocsmij | 12/29/08
RFID Tags  Ludovit | 12/23/08
RFID tags can be cloned.  phatkat | 12/23/08
Yeah.. RFID ... not even the "uncloneable"  TG2 | 12/24/08
Uncloneable = Security by Obscurity  Dr_Zinj | 12/31/08
ID tags  wargammer2005 | 12/24/08
In the palms?  reziol | 12/24/08
"ultimate solution?"  pgit | 12/24/08
=Penultimate  Patanjali | 12/27/08
talk about easy to copy  rparker009 | 12/29/08
RE: Speed camera 'pimping' attack highlights public identity weaknesses  mone_dog | 12/23/08
Even the Germans have some problems.  Letophoro | 12/23/08
Car is not identity  Patanjali | 12/27/08
yeah right  dcdavy | 12/23/08
and what happens when they wear dead president masks?  TG2 | 12/24/08
This was done in a Columbo episode  jhimes | 12/29/08
This is the way it "Was" in AZ  Timpraetor | 12/24/08
Running red lights, depends?  Patanjali | 12/27/08
Yellow Light Duration  mikefulton1963 | 01/01/09
It's not even the car  doctordawg | 12/29/08
Emergency vehicles  Dr. John | 12/30/08
The dutch love pulling this trick on the Germans too...  mokum von Amsterdam | 12/23/08
Um, what?  MGP2 | 12/24/08
RE: Speed camera 'pimping' attack highlights public identity weaknesses  gwaltman@... | 12/23/08
RE: Speed camera 'pimping' attack highlights public identity weaknesses  aldux | 12/23/08
Wanna bet? Where there's a will, there's a way...  hasta la Vista, bah-bie | 12/23/08
Tougher for the camera, easier for the LIDAR  oldbaritone | 12/24/08
I'll take the camera  hasta la Vista, bah-bie | 12/24/08
If a traffic study...  fairportfan | 12/24/08
what counts as an artificial constraint?  scripter | 12/24/08
primarily agree with that  merc2dogs` | 12/24/08
What Idiot?  zclayton2 | 12/29/08
RE: Speed camera 'pimping' attack highlights public identity weaknesses  richalt2 | 12/23/08
It's really about the constitution . . .  oldbaritone | 12/24/08
Same with Radar  reziol | 12/24/08
300mph Telephone Poles too  Timewellwasted | 12/29/08
These are traffic infractions not crime  Newsom02 | 12/29/08
Failure to pay the ticket, or appear in court is a crime  Dr_Zinj | 12/31/08
Is it just me, or is this funny?  davetracer@... | 12/24/08
not funny, but criminal  dkfreed@... | 12/24/08
correct  pgit | 12/24/08
NOT ILLEGAL (BTW)  Timewellwasted | 12/29/08
there you go  shadfurman | 12/31/08
I agree with you.  Timewellwasted | 12/31/08
Photo of driver?  oldbaritone | 12/24/08
Toxic Litigation Shock Frenzy  philculmer | 12/24/08
And that ...  Timpraetor | 12/24/08
Privacy and Poor Conduct  jinggo78@... | 12/24/08
We have a similar story in the US  Newsom02 | 12/29/08
RE: Speed camera 'pimping' attack highlights public identity weaknesses  yellamo001 | 12/24/08
The DA is the accuser  martyh@... | 12/29/08
This is not a crime  Newsom02 | 12/29/08
Really, then explain  zdnet@... | 12/31/08
There are laws, and there are Laws.  Dr_Zinj | 12/31/08
No speed cameras in CO  jinggo78@... | 12/24/08
RE: Speed camera 'pimping' attack highlights public identity weaknesses  cdmsr | 12/25/08
Organize for anarchy? happy  wolf_z | 12/26/08
Anarchy = what the errnat municipal, county and companies were doing  Patanjali | 12/27/08
Not so fast... Don't mislead people.  Newsom02 | 12/29/08
It's called The Constitution  Steven Rogers | 12/29/08
Confront the camera?  Newsom02 | 12/29/08
Nothing but a $$$$$$$$$$ generator for the state  suemccartin | 01/22/09
RE: Speed camera 'pimping' attack highlights public identity weaknesses  frankdog999 | 12/29/08
Pimping is a strength of speed camera  Altotus | 12/30/08
RE: Speed camera 'pimping' attack highlights public identity weaknesses  shadfurman | 12/31/08
RE: Speed camera 'pimping' attack highlights public identity weaknesses  shadfurman | 12/31/08
RE: Speed camera 'pimping' attack highlights public identity weaknesses  horst.bogatz | 12/31/08
RE: Speed camera 'pimping' attack highlights public identity weaknesses  nickc@... | 12/31/08
Use of the highway is a right, not a privilege.  Dr_Zinj | 12/31/08
Agreed  cyberscan | 12/31/08
Dough re mi narcotic  rushingturtle | 12/31/08
NL Speed cameras  Skidpalace | 12/31/08
RE: Speed camera 'pimping' attack highlights public identity weaknesses  cyberscan | 12/31/08
RE: Speed camera 'pimping' attack highlights public identity weaknesses  cyberscan | 12/31/08
RE: Speed camera 'pimping' attack highlights public identity weaknesses  law_n_disorder | 01/07/09
Quit your whining!  Jackson Hole Jake | 01/14/09
Quit your Naivete!  mejohnsn | 01/15/09
Wrong no violation of rights  Altotus | 01/19/09
If the registered vehical and tag in photo don't match...  Too-Tired Techie | 01/20/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads