|
Read an old story about people trying to put SQL code on their plates to fool traffic cams. To someone who has extremely limited experience with SQL, would this actually work?
|
# ? Apr 5, 2014 22:29 |
|
|
# ? May 21, 2024 18:03 |
|
I guess it could, depending on how the camera systems works (which I have no idea). I'm guessing the camera's either save a video of you running the light, save a compressed image of you running the light, or if it's really sophisticated, it could look up your license plate on-the-fly. The first 2 options are probably human verified, so the SQL wouldn't work. It would have to be an automated system. code:
|
# ? Apr 5, 2014 22:56 |
|
There are systems that actually read the license plate that is on your car. Beyond that I have no idea how that data is processed.
|
# ? Apr 5, 2014 22:59 |
|
will they charge you destruction of police property or something more interesting
|
# ? Apr 5, 2014 23:29 |
|
http://gizmodo.com/5498412/sql-injection-license-plate-hopes-to-foil-euro-traffic-cameras But no follow up, sadly.
|
# ? Apr 5, 2014 23:36 |
|
You're supposed to name your child with an awkward string, not try and get it onto a license plate http://xkcd.com/327/ Anyway the only way SQL injection can work is if the system in question does not handle query parameterisation properly. Even if the reading system doesn't do this you only have a few characters to work with, and the licensing authority is only going to allow a limited character set.
|
# ? Apr 6, 2014 01:13 |
|
Yes because license plate numbers have semicolons and parentheses
|
# ? Apr 6, 2014 01:40 |
|
(Note: This is written from a UK perspective) I'm going to go with no. Firstly the most common types of speed camera out there, Gatso and Truvelo, take photographs onto film which is then manually viewed by a police officer to determine if an offence has taken place and if so the vehicle details are keyed in manually. You'd have to get a particularly dumb officer to actually enter all that stuff by hand. Even for the cameras that do read number plates (digital Gatso, SPECS, ANPR etc.), there is one big flaw in the SQL injection plan, which is that a licence plate is only 7 characters long (I believe this can go up to 9 in the USA?) so you wouldn't be able to get any meaningful SQL command in there. What would happen is one of two things.
|
# ? Apr 6, 2014 16:39 |
|
Assuming that the system is even automated (as was pointed out earlier that certain systems still require manual data entry) if the software employs even the lightest of input sanitation (eg. encoding/escaping special characters) or user based restricted permissions to the database, none of those attacks would get through. Clever idea though. Its XKCD's "Little Bobbie Tables" personified.
|
# ? Apr 26, 2014 04:34 |
|
ArchetypeAnarch posted:Assuming that the system is even automated (as was pointed out earlier that certain systems still require manual data entry) if the software employs even the lightest of input sanitation (eg. encoding/escaping special characters) or user based restricted permissions to the database, none of those attacks would get through. Clever idea though. Its XKCD's "Little Bobbie Tables" personified.
|
# ? Apr 26, 2014 06:23 |
Red light cameras take pictures a couple seconds apart so they can (for example) tell if you were just slow making a left hand turn as the light changed, or that sort of thing, and obviously a human has to go through all those, so no even if their software was poorly written (lowest bidder and all) I can't see this plan working very well.
|
|
# ? Apr 26, 2014 06:39 |
|
adorai posted:as a consolation prize, it will probably make your plate immune to being recognized. Yes, but as I mentioned before, it'll get you in trouble for attempting to pervert the course of justice. You'd be better off sticking a sign over your plate saying "I am a fuckwit" (insert your preferred slur here) and then denying all knowledge of it being there and removing it as soon as you get pulled over. Not your fault you never noticed someone vandalising your car right?
|
# ? Apr 26, 2014 07:08 |
|
Yeah even if it worked you'd be better off placing the strings on other people's cars if your goal was to cause trouble. Kind of like that Japanese hacker dude that sent threatening emails through a collar on a stray cat.
|
# ? Apr 26, 2014 08:35 |
|
Or you could just stick with the: 00OO00OO II11II11II XKXKXKXK MNMNNNMN plates
|
# ? Apr 26, 2014 19:00 |
License plates are easily OCRed for a reason though, that would be useless. I think old fashioned is probably better, if you want to be an annoying little poo poo get one of those tacky translucent yellow license plate covers or my favorite, from one of those stupid old anarchist handbooks/jolly roger cookbook type things: steal someone's plates, put them on another car, then put the second car's plates on your own edit: I just realized it should be pretty trivial to use a chunk of privacy filter to make your license plate unreadable from an angle, such as speed/red light cameras, without immediately getting pulled over, but on the other hand if you ever parked in public you'd be hosed once any kind of cop/meter reader notices your plate looks black from eye level when you're standing by the car Straker fucked around with this message at 00:24 on Apr 28, 2014 |
|
# ? Apr 28, 2014 00:20 |
|
Lifehack: if you buy a 9 character vanity plate, you can get out of traffic fines by responding to the demand letter with the objection that the listed number plate in the letter isn't yours. Whichever form printing software they use cuts it down to 8 chars for whatever reason. Worked for several years in my state, unfortunately I think they fixed it recently.
|
# ? Apr 28, 2014 04:40 |
|
Shaocaholica posted:Or you could just stick with the: II11II11II is a VRM that appears on ANPR equipment quite often - some ANPR equipment erroneously picks up gates and fences as registration plates, lol.
|
# ? Apr 28, 2014 17:33 |
|
I wonder what the error rate is with similar chars like 1/I, M/N, K/X, 0/O etc. Given that the cameras have limited resolution and lighting conditions etc etc.
|
# ? Apr 28, 2014 18:05 |
I'm pretty sure that'd only work once and then after that they'd just go "Oh, it's that douchebag Jon Doe with the license plate that's all Ks and Xs. We have his address bookmarked, send him a ticket."
|
|
# ? Apr 28, 2014 18:08 |
|
President Ark posted:I'm pretty sure that'd only work once and then after that they'd just go "Oh, it's that douchebag Jon Doe with the license plate that's all Ks and Xs. We have his address bookmarked, send him a ticket." Except with say 8 chars there's 2^8 (256) possible combinations of 2 like chars so thats 256 potential douchebags.
|
# ? Apr 28, 2014 18:15 |
|
Shaocaholica posted:Except with say 8 chars there's 2^8 (256) possible combinations of 2 like chars so thats 256 potential douchebags. Unless they own the same car in the same color it'll still be easy.
|
# ? Apr 29, 2014 03:13 |
|
pram posted:Yes because license plate numbers have semicolons and parentheses They do in NC.
|
# ? Apr 29, 2014 18:15 |
|
wdarkk posted:Unless they own the same car in the same color it'll still be easy. <Insert BMW joke>
|
# ? Apr 29, 2014 20:32 |
|
Maybe not on speed cameras, but there are plenty of automatic number plate recognition systems around for things like congestion charges, tax disc checks, private carparks etc, and a quick read does indicate that these are often uploaded to web services at some point - they may also be running embedded databases for upload in batches, and often connected to other systems, such as automated billing systems. But you're relying on several things namely; None of the code has checks on length. None of the code has checks on valid characters (for instance you'd imagine that ' would get discarded by license plate recognition systems as being "probably a dead bee instead of a valid character"). None of the code escapes characters correctly. There are no human checks in place before entry to the database. It's not impossible, but I'd be very surprised if there were any systems you could compromise in that way.
|
# ? Apr 30, 2014 11:44 |
|
(Not mine.)
|
# ? Apr 30, 2014 15:11 |
|
kloa posted:I guess it could, depending on how the camera systems works (which I have no idea). I'm guessing the camera's either save a video of you running the light, save a compressed image of you running the light, or if it's really sophisticated, it could look up your license plate on-the-fly. How come the ' OR 1=1; wouldn't read?
|
# ? Apr 30, 2014 15:49 |
|
Tab8715 posted:How come the ' OR 1=1; wouldn't read?
|
# ? Apr 30, 2014 16:14 |
|
http://www.snopes.com/autos/law/noplate.aspquote:Claim: A man whose car bore personalized license plates reading 'NO PLATE' received notices for thousands of unpaid parking tickets.
|
# ? Apr 30, 2014 16:15 |
|
stuxracer posted:It would read, but would return every record from the table since 1=1. Yeah, I probably should've put AND 1=2, which is always false. Then it wouldn't grab it.
|
# ? Apr 30, 2014 16:22 |
|
stuxracer posted:It would read, but would return every record from the table since 1=1. I'm a little sql illiterate but wouldn't it just look for the string "OR 1=2" from the license_plate column in the DMV table?
|
# ? Apr 30, 2014 18:11 |
|
This isn't even a SQL problem. This is a "people filling out the forms are stupid" problem. Why would you put a combinations of letters and numbers that could be a valid license plate number into the plate field for a car that has no plates. Draw one giant X or a big line through the box, problem solved.
|
# ? Apr 30, 2014 18:19 |
|
Tab8715 posted:I'm a little sql illiterate but wouldn't it just look for the string "OR 1=2" from the license_plate column in the DMV table?
|
# ? Apr 30, 2014 18:46 |
|
I'd also say it's highly unlikely, but possibe; we've seen larger security fuckups before. More interestingly (and terrifyingly) about difficult to OCR plates: Due to license plate reader error, cop approaches innocent man, weapon in hand Mistaking a "7" for a "2" on wanted Oldsmobile, not a BMW, leads to traffic stop. http://arstechnica.com/tech-policy/2014/04/due-to-license-plate-reader-error-cop-approaches-innocent-man-weapon-in-hand/ The cop had a gun out of the holster but didn't aim it. That's prpbably just a matter of time before some unrelated car gets shot up to hell based on ocr error. They already managed that with like two dissimilar trucks once so someone telling them that the plate was matched...
|
# ? Apr 30, 2014 19:38 |
|
Tab8715 posted:I'm a little sql illiterate but wouldn't it just look for the string "OR 1=2" from the license_plate column in the DMV table? You can read up on SQL injection on your own time, but the initial ' is to close the license plate WHERE clause early and then attach some kind of extra qualifier (AND 1=2) so that the full statement is false and never queries your license plate. IE: The camera ticket would be saved normally, but if you attach a false statement, then the whole query brings back 0 results, instead of the speeders information.
|
# ? Apr 30, 2014 19:40 |
|
LeftistMuslimObama posted:This isn't even a SQL problem. This is a "people filling out the forms are stupid" problem. Why would you put a combinations of letters and numbers that could be a valid license plate number into the plate field for a car that has no plates. Draw one giant X or a big line through the box, problem solved. I would imagine it's also a "lovely software" problem, since on the little digital printers that lots of TCOs use nowadays they probably need to have a certain amount of alphanumeric inputs to specific fields in order to print.
|
# ? Apr 30, 2014 19:43 |
|
LeftistMuslimObama posted:This isn't even a SQL problem. This is a "people filling out the forms are stupid" problem. Why would you put a combinations of letters and numbers that could be a valid license plate number into the plate field for a car that has no plates. Draw one giant X or a big line through the box, problem solved. That wouldn't solve the problem by itself because then all that happens is the transcriptionist entering the ticket into the database takes it upon herself to enter "MISSING" or "XXXXXXX" or "NO TAG" because the drat input field in the UI is compulsory.
|
# ? May 1, 2014 04:37 |
|
~Coxy posted:That wouldn't solve the problem by itself because then all that happens is the transcriptionist entering the ticket into the database takes it upon herself to enter "MISSING" or "XXXXXXX" or "NO TAG" because the drat input field in the UI is compulsory. DESIGN!!!!
|
# ? May 1, 2014 15:59 |
|
I work for a company that sells Milestone software (https://www.milestonesys.com). They have an automatic LPR plugin. I'll give this a try some time next week - should be fun.
|
# ? Jul 3, 2014 04:09 |
|
~Coxy posted:That wouldn't solve the problem by itself because then all that happens is the transcriptionist entering the ticket into the database takes it upon herself to enter "MISSING" or "XXXXXXX" or "NO TAG" because the drat input field in the UI is compulsory. Yeah, it seems easier for the DMV to not issue plates that are potentially confusing, like MISSING and VOID.
|
# ? Jul 3, 2014 12:07 |
|
|
# ? May 21, 2024 18:03 |
|
John Dough posted:Yeah, it seems easier for the DMV to not issue plates that are potentially confusing, like MISSING and VOID. We might as well start calling each other Comrade!
|
# ? Jul 3, 2014 15:20 |