Lost highway
Ken Munro, managing director, Secure Test
Mischief and worse await public and private transport authorities
as their kit joins the data highway.
One of the latest technologies to migrate to IP is the speed camera.
The first steps down this path were digital speed cameras with removable
memory cards. These can store far more images than film. This still
needs an operator to visit the camera to download the files, but
the chance of the motorist getting away from a speeding fine through
lack of film in the camera is much lower.
In theory, every digital speed camera operates nearly 100% of the
time. The logical progression is to allow some form of remote access
to the camera to download images, either in a batch process or immediately,
thus creating an automated offence-to-fine process.
Digging around the internet for more evidence of developments in
this area, it turns out that speed camera maker Gatso has already
launched a camera capable of IP-based communications. It features
a rather useful Ethernet port. Moreover, automated number plate
recognition is another major benefit of digital imagery, so it's
highly likely these two technologies will be combined.
But have the authorities really addressed the security issues of
a networked speed camera system? First, it's fairly straightforward
to prove the authenticity of a film image, and interfering with
a film image inside a speed camera is hard work. Proving the authenticity
of a digital image is another matter altogether.
In a high-profile case in Sydney, Australia, a motorist contested,
and won, a case that involved digital speed and toll cameras run
by the New South Wales Roads and Traffic Authority. The defence
team showed that the MD5 hash algorithm used to protect camera
images was weak and susceptible to interference. There was no way
for the authority to prove the integrity of the images, so it lost
by default. For some time afterwards it was unable to enforce camera-based
fines.
The overhead gantries on the western section of the M25 are populated
with digital Gatso cameras managed by Serco. While we can't confirm
this, it's likely that they are already taking digital images, and
possibly sending these over IP to a central processing centre.
Logically, strong encryption is essential to protect the integrity
of this data. But the end points are remarkably exposed. If the
cameras are connected to networks, the roadside cabinets near the
gantries and the cameras themselves would have to have network connections.
It would take only one proven case of tampering with such a cabinet,
camera or other point in the network to open a can of worms similar
to the one opened in Sydney.
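As an added illustration (not part of the original article, and not the scheme Gatso or any authority actually uses), the following Python contrasts an unkeyed MD5 digest stored beside a camera record with a keyed HMAC verified at the processing centre. The record, the key and the tamper step are all constructed for the demo.

```python
import hashlib
import hmac
import json

# Constructed sample camera record (the image bytes stand in for a real JPEG).
RECORD = {"plate": "AB12 CDE", "speed_mph": 84,
          "image": b"\xff\xd8 constructed jpeg bytes \xff\xd9"}


def canonical(record):
    """Serialise a record deterministically so identical data yields identical bytes."""
    body = {k: v for k, v in record.items() if k != "image"}
    return json.dumps(body, sort_keys=True).encode() + record["image"]


def md5_seal(record):
    """Unkeyed MD5 digest stored beside the record: anyone who can write the record can recompute it."""
    return hashlib.md5(canonical(record)).hexdigest()


def md5_verify(record, digest):
    return hmac.compare_digest(md5_seal(record), digest)


def hmac_seal(record, key):
    """Keyed HMAC-SHA256: only a holder of `key` can produce a tag the centre will accept."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def hmac_verify(record, tag, key):
    return hmac.compare_digest(hmac_seal(record, key), tag)


def tamper(record):
    """Model someone with write access to the stored record, e.g. inside a roadside cabinet."""
    altered = dict(record)
    altered["speed_mph"] = 69
    return altered


def demo():
    key = b"constructed-demo-key-held-only-at-the-processing-centre"
    tag = hmac_seal(RECORD, key)
    altered = tamper(RECORD)
    # Unkeyed digest recomputed after the change: the check still passes, so it proves nothing.
    unkeyed_passes = md5_verify(altered, md5_seal(altered))
    # Keyed tag: reusing the original tag or forging one without the key both fail verification.
    reused_tag_rejected = not hmac_verify(altered, tag, key)
    forged_tag_rejected = not hmac_verify(altered, hmac_seal(altered, b"wrong-key"), key)
    return unkeyed_passes, reused_tag_rejected, forged_tag_rejected


if __name__ == "__main__":
    print(demo())
```

A key that has to live on the camera is exposed along with the rest of the endpoint, so the stronger form is a per-device signing key in tamper-resistant hardware with only the public key held at the centre.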
So what are the alternatives? GPRS communications from individual
cameras would make some sense, but there are difficulties in proving
image integrity.
Managing the integrity of a network in an office environment is
nothing compared to the challenge of managing widely distributed
end point devices that few motorists like. When was the last time
one of your network devices was torched by a firebug with a spare
tyre and a can of petrol?
But IP migration is affecting not just private transportation.
It has ramifications for public transport too.
Take buses for example. Several local authorities have introduced
bus stops that use WiFi to keep arrival time boards up to date.
That's a smart idea: a wireless access point needs nothing more
than power to operate.
By sniffing the ether with a tool such as Kismet, it is possible
to detect lots of wireless clients on bus routes. It would appear
that on association with the access point, a MAC address identifies
the bus and updates the running time on the bus stop. For a hacker,
it would be trivial to sniff the MAC address of a passing bus, spoof
it, and then retransmit it near a bus stop. The arrivals board might
now believe that Bus 69 is close by when in fact it is nothing of the
sort. This would confuse passengers and embarrass the bus company
and the town council. A sustained attack could make all the buses
come at once, or even on time. If only.