Tired of waiting at traffic lights? If you are unscrupulous, you can buy a 5.8-GHz radio, hack into a wireless networked traffic signal system, and it's “green lights forever,” according to researchers at the University of Michigan. “The safety critical nature of traffic infrastructure requires that it be secure against computer-based attacks, but this is not always the case,” they write. In coordination with authorities, they demonstrated how to leverage security flaws to gain control of a traffic-signal system.
They continue, “Our attacks show that an adversary can control traffic infrastructure to cause disruption, degrade safety, or gain an unfair advantage.”
Traffic signal security wasn't much of an issue when a traffic light operated as a standalone system running on a fixed timing schedule. Now, however, traffic signals often operate in networks, communicating with sensors and with each other—often wirelessly, thereby saving time and reducing environmental impact. However, remotely accessible and software controlled signals are vulnerable to attack.
In fact, they found that the network they studies was accessible to attackers because it lacked encryption and because devices on the network used default user names and passwords.
They do note that 5.8-GHz radios used in traffic signal applications employ a proprietary protocol, although that could potentially be reverse-engineered. Such radios are not generally sold to the public, they note that one can obtain the necessary radio hardware through “social engineering.”
They cite several attack options. A denial of service might, for example, set all lights to red, or it might prompt a signal's malfunction management unit to enter a safe but suboptimal state.
“More subtly,” they write, “attacks could be made against the entire traffic infrastructure of a city…”—through manipulation of the timings of one intersection relative to its neighbors. Such an attack would cause traffic congestion whose cause is unclear.
In addition, they write, “An attacker can also control lights for personal gain. Lights could be changed to be green along the route the attacker is driving. Since these attacks are remote, this could even be done automatically as she drove, with the lights being reset to normal functionality after she passes through the intersection.”
They continue, “More maliciously, lights could be changed to red in coordination with another attack in order to cause traffic congestion and slow emergency vehicle response.”
They offer several recommendations, centered on improving wireless security (use encryption and don't broadcast SSIDs), keeping firmware for embedded devices in the network updated (difficult for sensors buried in pavement), and changing default credentials.
They emphasize that the problem lies not in any individual vulnerability but in an overall lack of security consciousness. One vendor claimed to follow accepted industry standards and those standards do not specify security.
They conclude, “Until these systems are designed with security as a priority, the security of the entire traffic infrastructure will remain at serious risk.”