Hacking a traffic lights is frighteningly simple

A new study from the University of Michigan reveals just how vulnerable our infrastructure really is

Topics: the daily dot, Traffic Lights, Hacking, technology, University of Michigan, ,

Hacking a traffic lights is frighteningly simple
This article originally appeared on The Daily Dot.

The Daily Dot It has long been a dream of drivers the world over to make traffic lights instantly flip from red to green with the push of a button. A study published this month by computer scientists at the University of Michigan found that not only is hacking traffic signals to do your bidding possible, but it’s actually shockingly easy.

First getting permission from local authorities, the researchers used little more than wireless-enabled laptops to remotely hack into the network controlling the traffic lights in an unnamed Michigan city. ‟Our attacks show that an adversary can control traffic infrastructure to cause disruption, degrade safety, or gain an unfair advantage,” the paper’s authors explained.

When automatic traffic signals were first rolled out in the United States in the late 1800s, they operated mechanically as stand-alone units. However, as time wore on and technology advanced, most traffic signals evolved into computers, often connected to a larger network of other traffic lights through wireless technology and running through a central server. While these advances allow traffic signals to coordinate with each other more efficiently, it also opens those systems up to attack by hackers who no longer need to open up the physical devices in order to change their behavior.

Using computers that could communicate at the same frequency as the traffic signals, the team was able to intercept communications on the network and execute fraudulent commands across the entire system.

The researchers found that the system wasn’t particularly secure. Not only were the wireless communications between the traffic signals and the central server being sent unencrypted, but the passwords on the devices were set to their factory defaults—meaning anyone able to download a copy of the user’s manual off the Internet could crack them by simply turning to the right page.

‟The vulnerabilities we discover in the infrastructure are not a fault of any one device or design choice,” the study noted, ‟but rather show a systemic lack of security consciousness.”



The study posits that hackers could mount a whole range of attacks on traffic light systems. The authors speculate about denial of service attacks that could stop all lights from operating normally; traffic congestion attacks that subtly throw off the timing a light relative to its neighbors as to increase congestion without a high risk of detection; and light control attacks, where someone could ensure he or she only hits green lights wherever they happen to be driving.

The authors added that, even though traffic light systems around the country differ in their specific implementations, they don’t believe that others are necessarily significantly more secure than the one they were able to easily hack into. Vox notes that an estimated 62 percent of traffic lights in the United States are networked in a similar manner.

This study isn’t the first time someone has addressed insecurity of of traffic lights. Earlier this year, an Argentinian security researcher with IoActive presented similar discussion at at cybersecurity conference in Florida showing how someone could build a device for hacking traffic lights for under $100.

Additionally, at least one enterprising hacker has produced a step-by-step guide for building your own specialized controller for hacking traffic lights from the comfort of your own home.

The authors of the University of Michigan study charge that the problem of paying insufficient attention to cybersecurity concerns is endemic across the entire traffic signal industry. They conclude:

A clear example can be seen in the response of the traffic controller vendor to our vulnerability disclosure. It stated that the company, “has followed the accepted industry standard and it is that standard which does not include security.” The industry as a whole needs to understand the importance of security, and the standards it follows should be updated to reflect this. Security must be engineered into these devices from the start rather than bolted on later. Until these systems are designed with security as a priority, the security of the entire traffic infrastructure will remain at serious risk.

More Related Stories

Featured Slide Shows

  • Share on Twitter
  • Share on Facebook
  • 1 of 11
  • Close
  • Fullscreen
  • Thumbnails
    Burger King Japan

    2014's fast food atrocities

    Burger King's black cheeseburger: Made with squid ink and bamboo charcoal, arguably a symbol of meat's destructive effect on the planet. Only available in Japan.

    Elite Daily/Twitter

    2014's fast food atrocities

    McDonald's Black Burger: Because the laws of competition say that once Burger King introduces a black cheeseburger, it's only a matter of time before McDonald's follows suit. You still don't have to eat it.

    Domino's

    2014's fast food atrocities

    Domino's Specialty Chicken: It's like regular pizza, except instead of a crust, there's fried chicken. The company's marketing officer calls it "one of the most creative, innovative menu items we have ever had” -- brain power put to good use.

    Arby's/Facebook

    2014's fast food atrocities

    Arby's Meat Mountain: The viral off-menu product containing eight different types of meat that, on second read, was probably engineered by Arby's all along. Horrific, regardless.

    KFC

    2014's fast food atrocities

    KFC'S ZINGER DOUBLE DOWN KING: A sandwich made by adding a burger patty to the infamous chicken-instead-of-buns creation can only be described using all caps. NO BUN ALL MEAT. Only available in South Korea.

    Taco Bell

    2014's fast food atrocities

    Taco Bell's Waffle Taco: It took two years for Taco Bell to develop this waffle folded in the shape of a taco, the stand-out star of its new breakfast menu.

    Michele Parente/Twitter

    2014's fast food atrocities

    Krispy Kreme Triple Cheeseburger: Only attendees at the San Diego County Fair were given the opportunity to taste the official version of this donut-hamburger-heart attack combo. The rest of America has reasonable odds of not dropping dead tomorrow.

    Taco Bell

    2014's fast food atrocities

    Taco Bell's Quesarito: A burrito wrapped in a quesadilla inside an enigma. Quarantined to one store in Oklahoma City.

    Pizzagamechangers.com

    2014's fast food atrocities

    Boston Pizza's Pizza Cake: The people's choice winner of a Canadian pizza chain's contest whose real aim, we'd imagine, is to prove that there's no such thing as "too far." Currently in development.

    7-Eleven

    2014's fast food atrocities

    7-Eleven's Doritos Loaded: "For something decadent and artificial by design," wrote one impassioned reviewer, "it only tasted of the latter."

  • Recent Slide Shows

Comments

Loading Comments...