SQL Injection Fools Speed Traps and Clears Your Record

Typical speed camera traps have built-in OCR software that is used to recognize license plates. A clever hacker decided to see if he could defeat the system by using SQL Injection…

The basic premise of this hack is that the hacker has created a simple SQL statement which will hopefully cause the database to delete any record of his license plate. Or so he (she?) hopes. Talk about getting off scot-free!

The reason this works (or could work?) is because while you would think a traffic camera is only taught to recognize the license plate characters, the developers of the third-party image recognition software simply digitize the entire thing — recognizing any and all of the characters present. While it’s certainly clever, we’re pretty sure you’ll still get pulled over and questioned — but at least it’s not as extreme as building a flashbulb array to blind traffic cameras…

What do you guys think? Did it work? This image has been floating around the net for a few years now — if anyone knows the original story let us know!

106 thoughts on “SQL Injection Fools Speed Traps and Clears Your Record

  1. Hi!

    for those wondering, this is indeed from Poland, and that image is indeed a few years old…

    But the article shows only a part of the original image:

    the guy who did that hack was actually trying to hack a camera that was giving feedback immediately after. Because of the many reposts, it’s hard to find the original one to know how well did he manage to get it working.

    HTH

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s