Hacking Into the Grid—How Some Hackers Are Getting Out of Traffic and Making Their Own Green Lights
- comments
-
For those born of the modern age, the knowledge of traffic lights is often acquired in kindergarten. Rhyming idioms tell us "Red on top, and green below; Red says stop and green says go", but it isn't until much later, when we're far more tech-savvy that we realize the assumptions we once learned are not so easily defined.
Where there's a network and an internet signal, there's an opportunity for hackers to change the rules of the game. And recent research is proving that traffic light hacking is not an unreasonable feat for hackers to conquer.
"The critical nature of traffic infrastructure requires that it be secure against computer-based attacks, but this is not always the case" lead researcher from the Electrical Engineering and Computer Science Department at the University of Michigan, Branden Ghena said in a research paper recently submitted to the journal for the Workshop on Offensive Technologies. "We investigated a networked traffic signal system currently deployed in the United States and discover a number of security flaws that exist due to systemic failures by the designers."
Testing the traffic infrastructure of their very own local Michigan roadway, by hacking into nearly 100 traffic lights all guided by a single wireless network, the research team found three major weaknesses that could be exploited by any skilled hacker with the right know-how.
The three weaknesses they classified as being "inadequate security" measures were vulnerability to known exploits, lack of encryption and a non-existence of secure authentication - all three which could lead to fatal traffic congestion or terribly inconvenient grid-locking.
While the findings have not been found to be correlated to any cases of serious breaches in security, from the Michigan road agency, the MIT Technology Review reports that similar wireless networks are used throughout 40 states - a serious problem the United States faces with a new generation of talented hackers.
"While traffic control systems may be built to fail into a safe state, we have shown that they are not safe from attacks by a determined adversary" Ghena says. "With the appropriate hardware and a little effort, an adversary can reconfigure a traffic controller to suit their needs."
Simply using a wireless connection and some sort of radio transmitter to communicate with the traffic lights' network, nearly any individual can breeze through their morning commute or cause serious harm on busy intersections. Although the focus of the study was particular to traffic light system's infrastructure, the results hold a warning signal for similarly run networks, which include voting machines and even medical devices that keep people alive.
"We have identified practical solutions which can be deployed by transportation departments and manufacturers to guard against some of these threats [however] the real problem is not any individual vulnerability, but [rather] a lack of security consciousness in the field" Ghena says. "Until these systems are designed with security as a priority, the security of the entire traffic infrastructure will remain at serious risk."
