In this article published on the Infosec Institute are analyzed the principal studies on the security of traffic light systems and techniques to hack them.

http://resources.infosecinstitute.com/hacking-traffic-light-systems/

We often see movie scenes in which hackers are able to hack systems for the control of traffic lights, with catastrophic consequences, unfortunately we must be conscious that threat actors are really able these complex infrestructures causing serious problems.

Traffic lights were originally designed as standalone systems, but they evolved with technological progresses into more complex, networked systems. Modern traffic controllers are able to execute multiple timing plans, communicate in real time with a huge quantity networked sensors and elaborate the collected information to manage traffic flows in the most efficient way

Coordinated traffic signal systems provide great benefits in term of wasted time, environmental impact and public safety, but for their interconnection, public administration have to spend a great effort to ensure an efficient interconnection on a metropolitan geographic distribution. Wireless networking represented the optimal choice to reduce the interconnection cost and quickly implement an interconnected network of traffic light control systems. However, these improvements have raised serious questions in term of security of the overall architectures, the components of traffic light systems are today remotely accessible and wireless interconnected, with serious repercussions in term of security.

Read the full article on Infosec Institute

“Hacking traffic light systems“

The studies presented in this post demonstrate that traffic control systems are vulnerable to cyber attacks, fortunately improving security of the components of a traffic light control system and of the internal connection is possible to prevent major incidents. We have seen that an attacker can run a denial of service attack or cause a traffic jam as diversive measure in a more sophisticated attack.

As remarked by all the actors involved in such interesting studies, the principal problem is the lack of security awareness of the cyber threat, the experts highlighted that traffic controller vendors haven’t managed properly the vulnerability disclosure by the security community. The companies just ensure the compliance to actual industry standards, which don’t consider properly the security issues.

Next generation of control traffic systems must be built with security by design, and fortunately governments are understanding the critic of such environments and the risks of major attacks.

The researchers suggest manufacturers and operators to improve the security of traffic light systems adopting encrypted communications between components of the infrastructure, digitally signing the firmware running on each component to avoid software modifications, and not using default credentials.

Let me close with a reflection, Traffic Light systems are just a sample of the larger family of IoT (Internet of Things), many other devices we daily use have similar vulnerabilities threat actors are increasing targeted them.

Read the full article on Infosec Institute

“Hacking traffic light systems“

Pierluigi Paganini

(Security Affairs – traffic light systems, hacking)