Wednesday, December 24, 2008

Speed Camera Pimping

Speed camera ‘pimping’ attack highlights public identity weaknesses
In a brilliant physical-world example of what happens when too much value is placed upon open identification systems for determining reputation, a group of high school students are setting off speeding enforcement cameras using fake license plates belonging to their enemies.

According to an article in the D.C. area Montgomery County Sentinel, high school students are generating photorealistic replicas of their enemies license plates, placing them on their vehicles, and blowing through speeding cameras.

Obviously people who have been victimized by this attack are upset, but at least one anonymous individual hits the nail on the head:

“The practice of sending speeding tickets to faceless recipients without any type of verification is unwarranted and an exploitation of our rights.”

Using a publicly visible number rather than direct challenge and response verification as a means of identification for a financial transaction is a bad idea. Practically all of our purchases online are made via a semi-secret identifier that stays constant for years, and our accounts are protected by a combination of semi-secret lifelong identifiers, such as social security numbers and public information, like our home address.

We should all be demanding identification mechanisms that involve multifactor data for our electronic financial transactions, such as one-time password tokens. It may not be possible to create speed traps that use stronger authentication, but improving financial transactions is within reach

No comments:

Post a Comment

You are not entitled to your opinion. You are entitled to your informed opinion. No one is entitled to be ignorant.

Harlan Ellison