Chinese boffins provoke Oz speed camera kerfuffle

Case binned after image algorithm cracked


Chinese scientists are the unlikely heroes of a New South Wales speeding case which saw a Sydney magistrate dismiss the charge against an alleged speed merchant because the Roads and Traffic Authority (RTA) could not prove that its vital photographic evidence was "secure", news.com.au reports.

At the centre of the brouhaha lies the MD5 algorithm, used to "store the time, date, place, numberplate and speed of cars caught on camera", as smh.com.au explains.

MD5 is intended to safeguard against tampering with this information by turning it into a 128-bit sequence of digits. However, the chaps from the China's Shandong University proved it was possible to alter the data and retain the same code, ie, the RTA could theoretically change, for example, the car's speed without any evidence of tampering.

The whole thing came to a head when lawyer Denis Miralis used this possible abuse against the RTA in the case of a man allegedly caught speeding in a school zone last November. In June, Magistrate Lawrence Lawson gave the RTA eight weeks to produce an expert willing to testify that the photos had not been doctored. When the RTA failed, Lawson threw out the case and awarded the defendant AU$3,300 costs.

Miralis immediately demanded an enquiry into all NSW's 110 speed cameras, declaring: "The integrity of all speed camera offences has been thrown into serious doubt and it appears that the RTA is unable to prove any contested speed camera matter because of a lack of admissible evidence."

Unsurprisingly, the NSW Law Society admitted the judgment might "open the doors for other drivers caught by speed cameras to mount the same defence".

As for MD5, encryption expert Nick Ellsmore said: "Since the [Chinese] research came out, we've been recommending that clients move away from MD5 and we've certainly recommended that people don't use it for new applications." ®


Other stories you might like

  • Cheers ransomware hits VMware ESXi systems
    Now we can say extortionware has jumped the shark

    Another ransomware strain is targeting VMware ESXi servers, which have been the focus of extortionists and other miscreants in recent months.

    ESXi, a bare-metal hypervisor used by a broad range of organizations throughout the world, has become the target of such ransomware families as LockBit, Hive, and RansomEXX. The ubiquitous use of the technology, and the size of some companies that use it has made it an efficient way for crooks to infect large numbers of virtualized systems and connected devices and equipment, according to researchers with Trend Micro.

    "ESXi is widely used in enterprise settings for server virtualization," Trend Micro noted in a write-up this week. "It is therefore a popular target for ransomware attacks … Compromising ESXi servers has been a scheme used by some notorious cybercriminal groups because it is a means to swiftly spread the ransomware to many devices."

    Continue reading
  • Twitter founder Dorsey beats hasty retweet from the board
    As shareholders sue the social network amid Elon Musk's takeover scramble

    Twitter has officially entered the post-Dorsey age: its founder and two-time CEO's board term expired Wednesday, marking the first time the social media company hasn't had him around in some capacity.

    Jack Dorsey announced his resignation as Twitter chief exec in November 2021, and passed the baton to Parag Agrawal while remaining on the board. Now that board term has ended, and Dorsey has stepped down as expected. Agrawal has taken Dorsey's board seat; Salesforce co-CEO Bret Taylor has assumed the role of Twitter's board chair. 

    In his resignation announcement, Dorsey – who co-founded and is CEO of Block (formerly Square) – said having founders leading the companies they created can be severely limiting for an organization and can serve as a single point of failure. "I believe it's critical a company can stand on its own, free of its founder's influence or direction," Dorsey said. He didn't respond to a request for further comment today. 

    Continue reading
  • Snowflake stock drops as some top customers cut usage
    You might say its valuation is melting away

    IPO darling Snowflake's share price took a beating in an already bearish market for tech stocks after filing weaker than expected financial guidance amid a slowdown in orders from some of its largest customers.

    For its first quarter of fiscal 2023, ended April 30, Snowflake's revenue grew 85 percent year-on-year to $422.4 million. The company made an operating loss of $188.8 million, albeit down from $205.6 million a year ago.

    Although surpassing revenue expectations, the cloud-based data warehousing business saw its valuation tumble 16 percent in extended trading on Wednesday. Its stock price dived from $133 apiece to $117 in after-hours trading, and today is cruising back at $127. That stumble arrived amid a general tech stock sell-off some observers said was overdue.

    Continue reading

Biting the hand that feeds IT © 1998–2022