Traffic light hacking shows the "Internet of Things" must come with better security

Aug 22, 2014 by Bill Buchanan
How traffic lights are controlled. Credit: Bill Buchanan

The growing extent to which our day-to-day infrastructure is computer-controlled and internet-connected leaves it open to the possibility that malicious hackers could intercept data or take control of devices.

Often this sort of critical infrastructure is obvious, for example in electricity generation or supply, in large datacentres where hundreds or thousands of web-based companies are based, or in financial services. But often it is the least obvious elements that are most open to attack. For example, attacking the air conditioning system at a datacentre could cause catastrophic overheating of the computers there. Or an attacker could affect the control of traffic around a city or region, reducing roads to gridlock.

As we move towards a situation where computers control and optimise our lives using the data they record about us, our dependence on them grows, as does their vulnerability to failure. Protecting the technology we rely on for our day-to-day lives from attack or failure must be a priority.

Traffic light hacking

To prove this point, a group of security researchers led by Alex Halderman at the University of Michigan published a report of how they managed to use a laptop and an off-the-shelf radio transmitter to break into and control more than 100 traffic light signals in Michigan City.

In order to be ethical in their approach they gained full permission from the road agency, and ensured there was no danger to drivers. The experiment was a test to see just how easily the traffic control infrastructure could be compromised.

In the US, the radio frequency used by traffic light controllers is typically in the industrial, scientific and medical (ISM) band at 900MHz or 5.8GHz. This means that the researchers were able to buy widely available wireless equipment to communicate with the devices.

What they found was weak wireless security with the use of open and unencrypted radio signals. This allows would-be intruders to eavesdrop on network traffic travelling over wireless radio signals to and from the controllers. In this way it's possible to see the usernames and passwords being used – and they found that the usernames and passwords used were in any case set to factory defaults, and could be easily found on the internet. The controllers also had a physical port for debugging at street level that was physically accessible and easily compromised.

Traffic light controllers are linked to an induction loop buried in the ground that monitors traffic passing through the junction, and to cameras that provide the colour of lights to the controller and, via radio transmitters, a live visual feed to road agency staff.

A malfunction management unit (MMU) ensures that the lights are not put into an unsafe state, such as showing red and green at the same time. The lights change colour according to the information the controller receives from the induction loop and camera, so that, if there is a good deal of traffic at the lights, the flow will be adjusted accordingly.

If malicious attackers can gain control of the MMU the lights can be forced into unsafe states or to steady red or steady green, which could cause traffic chaos citywide. The researchers found that just making a single connection between two wires would provide full control of the traffic lights.

Too many open doors

A typical security problem with many control systems is that there is often a physical connector known as a debugging port, used for troubleshooting, that is unsecured and provides easy access or information to attackers. A debugging port typically outputs status or error messages to devices connected to it, and from this information attackers can work out what electronic devices are being used and what software is being run. This provides vital information that helps an attacker find flaws or vulnerabilities that can be used to take control. It can also allow commands to be sent to the controller.

The researchers also found that the controller and MMU don't take any steps to verify that the messages they receive are from where they claim to be, and not from some other source. As the messages were not encrypted in any way, it was possible to analyse them and work out how to reproduce the correct commands, hijacking the channel and sending commands to operate the lights (a man-in-the-middle attack). It was even possible to access the controller remotely, and ultimately the team was able to operate all the lights in the neighbourhood.
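The missing check described above, sketched from the receiving side as an added example (not code from the researchers or from any controller vendor): each command frame carries an HMAC-SHA256 tag and a message counter, so forged, altered and replayed frames are rejected. The frame layout, key and command codes are constructed for illustration; this provides authenticity and freshness, not confidentiality.

```python
import hashlib
import hmac
import struct

# Constructed frame layout (not the real controller protocol):
# 4-byte sender id, 8-byte counter, 1-byte command code, then a 32-byte tag.
HEADER = struct.Struct(">IQB")
TAG_LEN = hashlib.sha256().digest_size

def seal(key, sender, counter, command):
    """Sender side: append an HMAC-SHA256 tag computed over the header."""
    body = HEADER.pack(sender, counter, command)
    return body + hmac.new(key, body, hashlib.sha256).digest()

class CommandVerifier:
    """Receiver side: accept a frame only if it is authentic and fresh."""
    def __init__(self, keys):
        self.keys = dict(keys)  # sender id -> shared key
        self.last_counter = {s: 0 for s in self.keys}

    def accept(self, frame):
        if len(frame) != HEADER.size + TAG_LEN:
            return ("malformed", None)
        body, tag = frame[:HEADER.size], frame[HEADER.size:]
        sender, counter, command = HEADER.unpack(body)
        key = self.keys.get(sender)
        if key is None:
            return ("unknown-sender", None)
        expected = hmac.new(key, body, hashlib.sha256).digest()
        # Constant-time compare, done before the counter check so a forged
        # frame can never advance the replay window.
        if not hmac.compare_digest(tag, expected):
            return ("bad-tag", None)
        if counter <= self.last_counter[sender]:
            return ("replay", None)
        self.last_counter[sender] = counter
        return ("ok", command)

def demo():
    key = b"constructed-demo-key-not-for-use"  # constructed sample key
    verifier = CommandVerifier({1: key})
    genuine = seal(key, 1, 1, 2)
    tampered = bytearray(seal(key, 1, 2, 2))
    tampered[HEADER.size - 1] ^= 0x01  # flip one bit of the command code
    frames = [genuine, genuine, seal(b"wrong key", 1, 3, 2),
              bytes(tampered), genuine[:-1]]
    return [verifier.accept(f)[0] for f in frames]

if __name__ == "__main__": print(demo())
```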

They also found that you could attack the malfunction unit with incorrect signals to make it put the lights in a failure state, for example all red, using a denial-of-service (DoS) method.

A metaphorical red light

Messing about with traffic lights may seem foolish, but this shows the system has several weaknesses, of design and implementation, that make it easy to attack. It's clear that security was not a major concern in how it was designed and built – and therein lies the problem. This is not a small issue; this type of system is used in more than 60% of the traffic junctions in the US.

If a malicious hacker wanted to bring a city to a standstill, this is how they could do it, fairly easily. And this isn't just about traffic – there are many other types of critical systems infrastructure – telecommunications, power transmission, and others – that have been designed and installed over many decades with the same lax approach to security. Engineers need to start designing infrastructure that is secure by design, or it will be more than just jams to worry about.
