Feeds

Chinese boffins provoke Oz speed camera kerfuffle

Case binned after image algorithm cracked

Top three mobile application threats

Chinese scientists are the unlikely heroes of a New South Wales speeding case which saw a Sydney magistrate dismiss the charge against an alleged speed merchant because the Roads and Traffic Authority (RTA) could not prove that its vital photographic evidence was "secure", news.com.au reports.

At the centre of the brouhaha lies the MD5 algorithm, used to "store the time, date, place, numberplate and speed of cars caught on camera", as smh.com.au explains.

MD5 is intended to safeguard against tampering with this information by turning it into a 128-bit sequence of digits. However, the chaps from the China's Shandong University proved it was possible to alter the data and retain the same code, ie, the RTA could theoretically change, for example, the car's speed without any evidence of tampering.

The whole thing came to a head when lawyer Denis Miralis used this possible abuse against the RTA in the case of a man allegedly caught speeding in a school zone last November. In June, Magistrate Lawrence Lawson gave the RTA eight weeks to produce an expert willing to testify that the photos had not been doctored. When the RTA failed, Lawson threw out the case and awarded the defendant AU$3,300 costs.

Miralis immediately demanded an enquiry into all NSW's 110 speed cameras, declaring: "The integrity of all speed camera offences has been thrown into serious doubt and it appears that the RTA is unable to prove any contested speed camera matter because of a lack of admissible evidence."

Unsurprisingly, the NSW Law Society admitted the judgment might "open the doors for other drivers caught by speed cameras to mount the same defence".

As for MD5, encryption expert Nick Ellsmore said: "Since the [Chinese] research came out, we've been recommending that clients move away from MD5 and we've certainly recommended that people don't use it for new applications." ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Spanish village called 'Kill the Jews' mulls rebranding exercise
Not exactly attractive to the Israeli tourist demographic
Oz bank in comedy Heartbleed blog FAIL
Bank: 'We are now safely patched.' Customers: 'You were using OpenSSL?'
Happy 40th Playmobil: Reg looks back at small, rude world of our favourite tiny toys
Little men straddle LOHAN, attend tiny G20 Summit... ah, sweet memories...
Forget the beach 'n' boardwalk, check out the Santa Cruz STEVE JOBS FOUNTAIN
Reg reader snaps shot of touching tribute to Apple icon
Lego is the TOOL OF SATAN, thunders Polish priest
New minifigs like Monster Fighters are turning kids to the dark side
Dark SITH LORD 'Darth Vader' joins battle to rule, er, Ukraine
Only I can 'make an empire out of a republic' intones presidential candidate
Chinese company counters pollution by importing fresh air
Citizens line up for bags of that sweet, sweet mountain air
Google asks April Fools: Want a job? Be our 'Pokemon Master'
Mountain View is prankin' like it's 1999...
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.