Pierluigi Paganini August 22, 2014

A new study conducted by security researchers at the University of Michigan demonstrated that it is easy to hack traffic light systems.

Hacking Traffic lights is a serious menace for the population, many individuals believe that it is possible only in the movies, but unfortunately is a scaring reality.

‟We investigate a networked traffic signal system currently deployed in the United States and discover a number of security flaws that exist due to systemic failures by the designers. We leverage these flaws to create attacks which gain control of the system,and we successfully demonstrate them on the deployment in coordination with authorities. OOur attacks show that an adversary can control traffic infrastructure to cause disruption, degrade safety, or gain an unfair advantage,” 

“The vulnerabilities we discover in the infrastructure are not a fault of any one device or design choice, but rather show a systemic lack of security consciousness,” states the paper.

• unencrypted radio signals,
• the use of factory-default usernames and passwords, and
• a debugging port that is easy to attack

The 900MHz links used in the traffic light systems implement “a proprietary protocol with frequency hopping spread-spectrum (FHSS),” but the 5.8GHz version of the proprietary protocol is similar to 802.11n.

“The proprietary protocol is similar to 802.11 and broadcasts an SSID which is visible from standard laptops and smartphones but cannot be connected to. In order to properly connect, a slave radio must use the proper protocol and know the network SSID. The wireless connections are unencrypted and the radios use factory default usernames and passwords. The configuration software for these radios accepts customized credentials but assumes that the same username and password are used across all
radios on the network.” states the paper.