Ever get lucky enough to hit a couple of green lights in a row on your morning commute? Well, it appears that it’s not so hard to make happen all the time. If you’re a hacker, at least.
A team of security researchers from the University of Michigan, led by computer science professor J. Alex Halderman, found that the state of Michigan’s traffic light infrastructure is wide open to hackers. The team, with the permission of a local road agency, was able to hack into nearly 100 wirelessly-networked traffic lights more than a laptop and a bit of custom code.
The team say the flaws they uncovered, which included the use of unsecured wireless networks, default username/password combinations and a debugging port that was easy to attack, are likely to be found throughout the country’s systems.
MIT TechReview reports that although the road agency responsible for implementing the system has never faced serious computer security threats, the possibility will become more worrisome as transportation authorities and automakers test new ways for infrastructure and vehicles to communicate in order to reduce congestion and accidents.
“The vendors had not enabled encryption by default and the road agency never did so themselves,” even though doing so would be trivial, said Ph.D student Branden Ghena, who was part of the team. “It is as simple to turn on as checking a button.”
Wirelessly networked traffic lights have four key components: Sensors that detect cars, controllers that use the sensor data to control the lights at an intersection, radios for wireless communication among intersections, and malfunction management units (MMUs), which return lights to safe fallback configurations if an “invalid” configuration occurs.
The Michigan researchers found that anyone with a computer that can communicate at the same frequency as the intersection radios, which in this case was 5.8 gigahertz, could access the entire unencrypted network. It takes just one point of access to get into the whole system.
If a hacker wanted to bring a city to a standstill, this study shows just how easily they could go about doing it. Given that this type of system is used in more than 60% of the traffic intersections throughout the United States, “the industry as a whole needs to understand the importance of security, and the standards it follows should be updated to reflect this. Security must be engineered into these devices from the start rather than bolted on later.”
Interested in learning more about securing our intelligent, ever-connected world? Discover how Atmel’s CryptoAuthentication family can keep your network secure.