Monday, March 22, 2010

Applications vs. Automobiles

Submitted by Ryan Barnett 03/22/2010

I funny picture was sent to me through our PR team at Schwartz Communications that made me chuckle. I am sure you have seen traffic light cameras that automatically take photos of the cars that do not obey traffic lights. Well, this photo shows how someone was attempting to abuse the fact that most of these cameras are integrated with computers and presumably back-end databases to automatically generate traffic violation tickets. By placing an SQL query on the front bumper where the license plate would normally reside, the driver of this car may be able to not only evade receiving a ticket but may also delete the entire "tablice" table.
This scenario clearly indicates a growing trend - the inter-connectedness between applications and automobiles.
Another recent news story that echoes this trend is found in a recent WASC WHID entry where an attacker was able to hack into his former employer's web application that communicated with systems installed on leased cars. This software was able to either prevent cars from starting or force the car horn to beep repeatedly if the car's lease payment went past due. The hacker not only destroyed account data but also caused 100+ cars to not start and horns sounding off.
These are fairly harmless impacts but there is an under current for concern that this inter-connectedness between online applications and our physical world is actually quite fragile and must be protected from abuse.

1 comment:

Jon Daley said...

Nice. You'd hope that their license plate scanners at least limit the text to 10 characters or something, but it'd be really funny to hear the developer trying to explain how the data was lost...