Traffic lights hacked in major city with just a laptop

Ever get lucky enough to hit a couple of green lights in a row on your morning commute? Well, it appears that it’s not so hard to make happen all the time. If you’re a hacker, at least.

A team of security researchers from the University of Michigan, led by computer science professor J. Alex Halderman, found that the state of Michigan’s traffic light infrastructure is wide open to hackers. The team, with the permission of a local road agency, was able to hack into nearly 100 wirelessly-networked traffic lights more than a laptop and a bit of custom code.

The team say the flaws they uncovered, which included the use of unsecured wireless networks, default username/password combinations and a debugging port that was easy to attack, are likely to be found throughout the country’s systems.

MIT TechReview reports that although the road agency responsible for implementing the system has never faced serious computer security threats, the possibility will become more worrisome as transportation authorities and automakers test new ways for infrastructure and vehicles to communicate in order to reduce congestion and accidents.

“The vendors had not enabled encryption by default and the road agency never did so themselves,” even though doing so would be trivial, said Ph.D student Branden Ghena, who was part of the team. “It is as simple to turn on as checking a button.”

Wirelessly networked traffic lights have four key components: Sensors that detect cars, controllers that use the sensor data to control the lights at an intersection, radios for wireless communication among intersections, and malfunction management units (MMUs), which return lights to safe fallback configurations if an “invalid” configuration occurs.

The Michigan researchers found that anyone with a computer that can communicate at the same frequency as the intersection radios, which in this case was 5.8 gigahertz, could access the entire unencrypted network. It takes just one point of access to get into the whole system.

“By sniffing packets sent between the controller and this program, we discovered that communication to the controller is not encrypted, requires no authentication, and is replayable. Using this information, we were then able to reverse engineer parts of the communication structure. Various command packets only differ in the last byte, allowing an attacker to easily determine remaining commands once one has been discovered. We created a program that allows a user to activate any button on the controller and then displays the results to the user. We also created a library of commands which enable scriptable attacks. We tested this code in the field and were able to access the controller remotely.”Once access was gained, in just minutes, the team had the ability to change light schedules, disable parts of the grid, or even put the the entire system into a failsafe mode. “Until these systems are designed with security as a priority, the security of the entire traffic infrastructure remains at serious risk,” a paper documenting the results explains.

The researchers in their paper add, “The vulnerabilities we discover in the infrastructure are not a fault of any one device or design choice, but rather show a systemic lack of security consciousness.”

If a hacker wanted to bring a city to a standstill, this study shows just how easily they could go about doing it. Given that this type of system is used in more than 60% of the traffic intersections throughout the United States, “the industry as a whole needs to understand the importance of security, and the standards it follows should be updated to reflect this. Security must be engineered into these devices from the start rather than bolted on later.”

Interested in learning more about securing our intelligent, ever-connected world? Discover how Atmel’s CryptoAuthentication family can keep your network secure.