Urban sql injection (seanbonner.tumblr.com)
94 points by freedrull on Feb 16, 2011 | 17 comments


Zwolnij just means "slow" in Polish.

The second frame is telling a particular (valid) Polish license plate number to slow down.


I think the photos are meant to imply that the system is reading external input as text and so might be vulnerable to an injection attack like what the bottom picture shows. I don't think it was intended to suggest that the system has actually been hacked in that photo.

Of course, the whole thing is meant as a silly joke (and that's one of the reasons I wish it wasn't posted here). It's unlikely that the camera would recognize something that's so obviously different from a license plate, let alone use a SQL database.

I'd love to see a real discussion on how the ubiquity of computers creates interesting vectors for attacking infrastructure. It seems inevitable that these systems will be connected to higher-value targets and that non-traditional input devices can still be used for launching attacks.


Bonus: the "license plate" is ZU O666. "Zuo" is the, uh, internet spelling of "zło," "evil."


@simonsarris you're right, it means "slow". =)

Google Translate is great but I didn't cheat, I wrote that myself. (http://translate.google.com/#auto|en|).

I think it's interesting that in the beginning I assumed this was an American car/place because the SQL statement is in English, but in computer languages the reserved statements are English, even though the car in the picture is from Poland.


Pretty funny, but I would have to agree these systems are likely meant as a self-contained warning appliance and are not powered by a database.

The more interesting question is whether YOU would've thought to sanitize license plate input?


[2009] - Early post on the subject: http://niebezpiecznik.pl/post/fotoradar-injection/ [Polish]

Edit: Author's original post: http://dabroz.scythe.pl/2009/10/29/ocr-injection [English]


Google page translate seemed to have failed so here is the manual version of the page:

As reported by the driver, the 1994 national road safety camera mounted was interesting: http://niebezpiecznik.pl/wp-content/uploads/2009/10/radar-40...

The camera scans car number plates in excess of the speed, and a few dozen meters away, a special table shows the following message: http://niebezpiecznik.pl/wp-content/uploads/2009/10/radar2-4...

I wonder what happens when the national road 94 driven into the car http://niebezpiecznik.pl/wp-content/uploads/2009/10/radar3-4...

P.S. The whole reminds me of an old strip xkcd: http://niebezpiecznik.pl/wp-content/uploads/2009/10/xkcd-450...


More Englishy translation of that page:

Drivers report that an interesting radar camera has been installed on Rt. 94.

The camera scans license plates of cars that exceed the speed limit, and a few hundred feet further there's a special display that shows this:

[DW 530GS SLOW DOWN]

I wonder what will happen when a car like this drives down Rt. 94?

The whole thing reminds me of this old XKCD strip


Oh fine +1 for you making it more "Englishy" =P

Yeh, it's like Rt. 94 http://maps.google.com/maps?f=q&source=s_q&hl=en&...


While it's funny and mind-opening, the OCR system will probably miss the small punctuation marks such as ' , and ;


Bobby Tables [1] gets a car.

[1] http://xkcd.com/327/


Click through to the larger image. It's much clearer: http://i.imgur.com/haspR.jpg


Could there be anything illegal here? They took a picture of you...


But, did it work?


That's what I don't get. On the car it looks like the driver is writing some other sort of license, ZU O666, but the sign is telling DW 530GS to slow down. Not enough images of the car to prove if it did, or did not, tell the driver exactly to slow down. But for the sake of making this awesome, let's say it did work.


Unlikely. I think it's just supposed to be a joke.


This sucks



