Hacking a traffic lights is frighteningly simple

A new study from the University of Michigan reveals just how vulnerable our infrastructure really is

Topics: the daily dot, Traffic Lights, Hacking, technology, University of Michigan, ,

Hacking a traffic lights is frighteningly simple
This article originally appeared on The Daily Dot.

The Daily Dot It has long been a dream of drivers the world over to make traffic lights instantly flip from red to green with the push of a button. A study published this month by computer scientists at the University of Michigan found that not only is hacking traffic signals to do your bidding possible, but it’s actually shockingly easy.

First getting permission from local authorities, the researchers used little more than wireless-enabled laptops to remotely hack into the network controlling the traffic lights in an unnamed Michigan city. ‟Our attacks show that an adversary can control traffic infrastructure to cause disruption, degrade safety, or gain an unfair advantage,” the paper’s authors explained.

When automatic traffic signals were first rolled out in the United States in the late 1800s, they operated mechanically as stand-alone units. However, as time wore on and technology advanced, most traffic signals evolved into computers, often connected to a larger network of other traffic lights through wireless technology and running through a central server. While these advances allow traffic signals to coordinate with each other more efficiently, it also opens those systems up to attack by hackers who no longer need to open up the physical devices in order to change their behavior.

Using computers that could communicate at the same frequency as the traffic signals, the team was able to intercept communications on the network and execute fraudulent commands across the entire system.

The researchers found that the system wasn’t particularly secure. Not only were the wireless communications between the traffic signals and the central server being sent unencrypted, but the passwords on the devices were set to their factory defaults—meaning anyone able to download a copy of the user’s manual off the Internet could crack them by simply turning to the right page.

‟The vulnerabilities we discover in the infrastructure are not a fault of any one device or design choice,” the study noted, ‟but rather show a systemic lack of security consciousness.”



The study posits that hackers could mount a whole range of attacks on traffic light systems. The authors speculate about denial of service attacks that could stop all lights from operating normally; traffic congestion attacks that subtly throw off the timing a light relative to its neighbors as to increase congestion without a high risk of detection; and light control attacks, where someone could ensure he or she only hits green lights wherever they happen to be driving.

The authors added that, even though traffic light systems around the country differ in their specific implementations, they don’t believe that others are necessarily significantly more secure than the one they were able to easily hack into. Vox notes that an estimated 62 percent of traffic lights in the United States are networked in a similar manner.

This study isn’t the first time someone has addressed insecurity of of traffic lights. Earlier this year, an Argentinian security researcher with IoActive presented similar discussion at at cybersecurity conference in Florida showing how someone could build a device for hacking traffic lights for under $100.

Additionally, at least one enterprising hacker has produced a step-by-step guide for building your own specialized controller for hacking traffic lights from the comfort of your own home.

The authors of the University of Michigan study charge that the problem of paying insufficient attention to cybersecurity concerns is endemic across the entire traffic signal industry. They conclude:

A clear example can be seen in the response of the traffic controller vendor to our vulnerability disclosure. It stated that the company, “has followed the accepted industry standard and it is that standard which does not include security.” The industry as a whole needs to understand the importance of security, and the standards it follows should be updated to reflect this. Security must be engineered into these devices from the start rather than bolted on later. Until these systems are designed with security as a priority, the security of the entire traffic infrastructure will remain at serious risk.

More Related Stories

Featured Slide Shows

  • Share on Twitter
  • Share on Facebook
  • 1 of 17
  • Close
  • Fullscreen
  • Thumbnails
    John Stanmeyer

    Overdevelopment, Overpopulation, Overshoot

    Container City: Shipping containers, indispensable tool of the globalized consumer economy, reflect the skyline in Singapore, one of the world’s busiest ports.

    Lu Guang

    Overdevelopment, Overpopulation, Overshoot

    Man Covering His Mouth: A shepherd by the Yellow River cannot stand the smell, Inner Mongolia, China

    Carolyn Cole/LATimes

    Overdevelopment, Overpopulation, Overshoot

    Angry Crowd: People jostle for food relief distribution following the 2010 earthquake in Haiti

    Darin Oswald/Idaho Statesman

    Overdevelopment, Overpopulation, Overshoot

    “Black Friday” Shoppers: Aggressive bargain hunters push through the front doors of the Boise Towne Square mall as they are opened at 1 a.m. Friday, Nov. 24, 2007, Boise, Idaho, USA

    Google Earth/NOAA, U.S. Navy, NGA, GEBCO

    Overdevelopment, Overpopulation, Overshoot

    Suburban Sprawl: aerial view of landscape outside Miami, Florida, shows 13 golf courses amongst track homes on the edge of the Everglades.

    Garth Lentz

    Overdevelopment, Overpopulation, Overshoot

    Toxic Landscape: Aerial view of the tar sands region, where mining operations and tailings ponds are so vast they can be seen from outer space; Alberta, Canada

    Cotton Coulson/Keenpress

    Overdevelopment, Overpopulation, Overshoot

    Ice Waterfall: In both the Arctic and Antarctic regions, ice is retreating. Melting water on icecap, North East Land, Svalbard, Norway

    Yann Arthus-Bertrand

    Overdevelopment, Overpopulation, Overshoot

    Satellite Dishes: The rooftops of Aleppo, Syria, one of the world’s oldest cities, are covered with satellite dishes, linking residents to a globalized consumer culture.

    Stephanie Sinclair

    Overdevelopment, Overpopulation, Overshoot

    Child Brides: Tahani, 8, is seen with her husband Majed, 27, and her former classmate Ghada, 8, and her husband in Hajjah, Yemen, July 26, 2010.

    Mike Hedge

    Overdevelopment, Overpopulation, Overshoot

    Megalopolis: Shanghai, China, a sprawling megacity of 24 Million

    Google Earth/ 2014 Digital Globe

    Overdevelopment, Overpopulation, Overshoot

    Big Hole: The Mir Mine in Russia is the world’s largest diamond mine.

    Daniel Dancer

    Overdevelopment, Overpopulation, Overshoot

    Clear-cut: Industrial forestry degrading public lands, Willamette National Forest, Oregon

    Peter Essick

    Overdevelopment, Overpopulation, Overshoot

    Computer Dump: Massive quantities of waste from obsolete computers and other electronics are typically shipped to the developing world for sorting and/or disposal. Photo from Accra, Ghana.

    Daniel Beltra

    Overdevelopment, Overpopulation, Overshoot

    Oil Spill Fire: Aerial view of an oil fire following the 2010 Deepwater Horizon oil disaster, Gulf of Mexico

    Ian Wylie

    Overdevelopment, Overpopulation, Overshoot

    Slide 13

    Airplane Contrails: Globalized transportation networks, especially commercial aviation, are a major contributor of air pollution and greenhouse gas emissions. Photo of contrails in the west London sky over the River Thames, London, England.

    R.J. Sangosti/Denver Post

    Overdevelopment, Overpopulation, Overshoot

    Fire: More frequent and more intense wildfires (such as this one in Colorado, USA) are another consequence of a warming planet.

  • Recent Slide Shows

Comments

Loading Comments...