• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

 | 

Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

 | 

Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

 | 

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

 | 

Koske, a new AI-Generated Linux malware appears in the threat landscape

 | 

Mitel patches critical MiVoice MX-ONE Auth bypass flaw

 | 

Coyote malware is first-ever malware abusing Windows UI Automation

 | 

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

 | 

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

 | 

Stealth backdoor found in WordPress mu-Plugins folder

 | 

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

 | 

U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog

 | 

Sophos fixed two critical Sophos Firewall vulnerabilities

 | 

French Authorities confirm XSS.is admin arrested in Ukraine

 | 

Microsoft linked attacks on SharePoint flaws to China-nexus actors

 | 

Cisco confirms active exploitation of ISE and ISE-PIC flaws

 | 

SharePoint under fire: new ToolShell attacks target enterprises

 | 

CrushFTP zero-day actively exploited at least since July 18

 | 

Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices

 | 

MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Hacking
  • Hacking traffic light systems, it’s so easy

Hacking traffic light systems, it’s so easy

Pierluigi Paganini August 22, 2014

A new study conducted by security researchers at the University of Michigan demonstrated that it is easy to hack traffic light systems.

Hacking Traffic lights is a serious menace for the population, many individuals believe that it is possible only in the movies, but unfortunately is a scaring reality.

In May I anticipated you an interesting study conducted by security expert Cesar Cerrudo, CTO at IOActive, which investigated on the security of components within control systems for traffic lights and electronic signs in different cities around the world discovering an alarming reality. The researcher has discovered several systems vulnerable to a number of cyber attacks, for example spreading a malware within a network of similar systems.
A new study conducted by security researchers at the University of Michigan, led by computer scientist J. Alex Halderman, demonstrated that it is very easy to hack traffic light systems without any particular knowledge, an attacker just needs a laptop and a specific radio system.
The researchers issued a paper to describe the exploitation of security vulnerabilities in traffic light systems, the team very easily and very quickly obtained the control of the system of at least 100 traffic signals in an unnamed Michigan city from a single point of access, a local road agency.
traffic lights hacking 2

‟We investigate a networked traffic signal system currently deployed in the United States and discover a number of security flaws that exist due to systemic failures by the designers. We leverage these flaws to create attacks which gain control of the system,and we successfully demonstrate them on the deployment in coordination with authorities. OOur attacks show that an adversary can control traffic infrastructure to cause disruption, degrade safety, or gain an unfair advantage,” 

“The vulnerabilities we discover in the infrastructure are not a fault of any one device or design choice, but rather show a systemic lack of security consciousness,” states the paper.

The experts identified three major weaknesses in the national traffic systems which potentially allow anyone to hack the traffic lights network:
  • unencrypted radio signals,
  • the use of factory-default usernames and passwords, and
  • a debugging port that is easy to attack
As explained by the experts the use of wireless radio transmissions (a combination of 5.8GHz and 900MHz radio signals) is very common for traffic light systems, this choice allows to reduce the costs of installation and maintenance of the networks.
The 900MHz links used in the traffic light systems implement “a proprietary protocol with frequency hopping spread-spectrum (FHSS),” but the 5.8GHz version of the proprietary protocol is similar to 802.11n.
“The proprietary protocol is similar to 802.11 and broadcasts an SSID which is visible from standard laptops and smartphones but cannot be connected to. In order to properly connect, a slave radio must use the proper protocol and know the network SSID. The wireless connections are unencrypted and the radios use factory default usernames and passwords. The configuration software for these radios accepts customized credentials but assumes that the same username and password are used across all
radios on the network.” states the paper.
Anyone with a laptop and a radio system operating on the same frequency as the networked traffic light (5.8 GHz) could access the network because the communication is not encrypted.
The researchers demonstrated to be able to infiltrate the networks of control traffic light systems, once gained the access they were able to communicate with controllers that run VxWorks 5.5 version. This version unfortunately by default has a debug port using for for testing, and researchers exploited it.

“By sniffing packets sent between the controller and this program, we discovered that communication to the controller is not encrypted, requires no authentication, and is replayable. Using this information, we were then able to reverse engineer parts of the communication structure,” the paper reads.

Once again an unprotected communication allowed the researchers to reverse engineer the protocol used in the communication, once controlled the debug port the experts were able to send commands to control lights or alter the timing of neighboring intersections.

“Various command packets only differ in the last byte, allowing an attacker to easily determine remaining commands once one has been discovered. We created a program that allows a user to activate any button on the controller and then displays the results to the user. We also created a library of commands which enable scriptable attacks. We tested this code in the field and were able to access the controller remotely.”

The researchers also demonstrated that a bad actor could perform denial-of-service (DoS) attack on controlled intersections causing the block of traffic lights.
The researchers suggest manufacturers and operators to improve the security of traffic light systems using encrypted communication and not using default credentials.

“While traffic control systems may be built to fail into a safe state, we have shown that they are not safe from attacks by a determined adversary,” the paper concluded.

The problem is that Traffic Light systems are just a sample of IoT (Internet of Things), many other similar systems are daily adopted by each of us … and all these systems are vulnerable.

Pierluigi Paganini

(Security Affairs – Traffic light systems, hacking)  


facebook linkedin twitter

critical infrastructure DOS Hacking Internet of Things IoT traffic light systems

you might also like

Pierluigi Paganini July 24, 2025
U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog
Read more
Pierluigi Paganini July 23, 2025
U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

    Cyber Crime / July 26, 2025

    Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

    Intelligence / July 26, 2025

    Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

    Intelligence / July 25, 2025

    Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

    Security / July 25, 2025

    Koske, a new AI-Generated Linux malware appears in the threat landscape

    Malware / July 25, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT