Researcher: Hackers Can Jam Traffic By Manipulating Real-Time Traffic Data 102
An anonymous reader writes "Hackers can influence real-time traffic-flow-analysis systems to make people drive into traffic jams or to keep roads clear in areas where a lot of people use Google or Waze navigation systems, a German researcher demonstrated at BlackHat Europe. 'If, for example, an attacker drives a route and collects the data packets sent to Google, the hacker can replay them later with a modified cookie, platform key and time stamps, Jeske explained in his research paper (PDF). The attack can be intensified by sending several delayed transmissions with different cookies and platform keys, simulating multiple cars, Jeske added. An attacker does not have to drive a route to manipulate data, because Google also accepts data from phones without information from surrounding access points, thus enabling an attacker to influence traffic data worldwide, he added.' 'You don't need special equipment for this and you can manipulate traffic data worldwide,' Jeske said."
Nothing new (Score:3, Interesting)
There is nothing new about this. I once worked for a guy who bragged to me that as a kid in new Zealand, one of his first hacking exploits was to get into the Auckland traffic control systems and randomly change all the lights to red. He thought it was hilarious. He was an idiot.
Re:Nothing new (Score:5, Insightful)
Better than changing them all to green, I suppose.
Re:Nothing new (Score:5, Interesting)
AFAIK, lights have two sets of circuits in them to prevent a change to greens in more than one direction. If it does happen, the light switches to "oh crap" mode and starts flashing yellow or green.
Of course, I've seen a traffic signal flashing green before all ways, but that was only once.
Re: (Score:2)
Correction: Not yellow/green for "oh crap", yellow or red. Of course, with how people drive, all greens would last about 2-3 seconds before the wreck that happens stops traffic completely for an indefinite time anyway.
Re: (Score:3)
I'm always stunned by how many people cruise right through a disabled traffic light (that is, completely dark).
Re: (Score:3)
Yep, any time I see a disabled light, I compulsively have to remind everyone I know that it means a all-way stop sign for the rest of the day. Kind of annoying of me, but I'd rather not see anyone dead(and I've seen some near misses when I was stopped at one before)
Re: (Score:2)
We being who? Not in my state/nation.
Re: (Score:2)
Signs indicating which road has right-of-way are common in Finland and some of the nearby countries. While it's been a few years since I've driven there, the last time I was in Helsinki, many traffic signals were turned off (as in dark) late at night or on weekends. They also had a number of intersections where there was no Stop or Yield/Give Way signs in any direction. Drivers were expected to know the rules of the road and who had right-of-way.
Re: (Score:1)
That's crazy talk. Expecting drivers to know the rules of the road.
Next you'll be telling us there is some kind of "driver's test" that you need to pass before you are allowed to drive.
Re: (Score:3)
The other day, there was a power outage that caused several traffic lights in my neighborhood to go dark while I was driving with my GF. I uttered a word and she said it was no big deal, just treat it as a 4-way stop, and I said "Yeah, but what about all the idiots who don't know that".
Re: (Score:2)
"Go" at a stop light or stop sign means "go with caution" anyway, so the behavior of others doesn't matter as long as you drive defensively.
Re: (Score:3)
This ^
I always look both ways, to make sure that some fool isn't coming at me 50 mph. I've seen it happen, and there are videos on Youtube. The most recent video I watched, was a guy on a motorcycle running a red light. He went over the car, did a flip, and landed on his feet, looked around for a couple seconds wondering what happened, then collapsed on his broken leg.
Had that motorcycle been a two ton truck instead, the driver who pulled into the intersection without looking would probably have died.
Re: (Score:2)
A broken leg is almost a best case scenario in that kind of wreck. Motorcycle vs. car, car wins.
Re: (Score:2)
Do not think I'm knocking driving defensively, it's hands down the best bet. Just know that it's no guarantee, just the best odds.
Mycroft
Re:Nothing new (Score:5, Informative)
It's called a Conflict Monitor Unit and it's a required element for traffic lights per law. It basically does as you say - it looks at the outputs and if an invalid one crops up (two greens, say) then it immediately shuts down the traffic light and optionally returns a signal that could notify when this occurs.
They're a bit more complex than just detecting two greens - they can even monitor things like are the lights cycling properly (green-yellow-red), how long red/yellow/green lights have been on and if red wasn't actually on for some reason.
Re: (Score:2)
I've still seen ones that are broken; for example a temporary stoplight strung up on wires while an intersection was under construction (and several lanes were closed, etc.). I forget exactly what the fault I witnessed was; it occurred to me that it was probably a wiring fault - like the workers hooked up the wires to the lights incorrectly, or there was a short between the wires, for example. It was something like the yellow and red were illuminated at the same time. The other lights on that signal were fi
Re: (Score:2)
Nevertheless, problems can creep up. I ran into one once where conflicting greens were given, but they were on different light heads. (this was the very complex intersection on Rt 202 in KIng of Pru
Re: (Score:2)
I've also seen them go directly from green to red with no yellow or a brief flash of yellow; I guess that's not really a "conflict" but it's disconcerting.
That's just to ensure more revenue for the camera...
Re: (Score:2)
To cause a real gridlock doing this you have to assume everybody is using the same source of data, and only that one. Most traffic control systems also use mechanical detectors, ca
Re: (Score:2)
Re: (Score:1)
Indeed, there's a growing body of evidence that traffic lights and signs both actually decrease throughput while increasing the number and severity of accidents compared to leaving busy intersections completely unguided and letting drivers sort things out for themselves. Funny that. Who would have thought intelligent beings paying attention to their environment could do a better job of real-time traffic optimization than a bunch of signs being blindly obeyed.
Re: (Score:1)
Indeed, there's a growing body of evidence that traffic lights and signs both actually decrease throughput while increasing the number and severity of accidents compared to leaving busy intersections completely unguided and letting drivers sort things out for themselves. Funny that. Who would have thought intelligent beings paying attention to their environment could do a better job of real-time traffic optimization than a bunch of signs being blindly obeyed.
Um.... No. This is ridiculously easy to disprove. Like, every time I've seen a light that's out, the backup is quite annoyingly long.
It's fairly obvious intuitively, too. If cars go one at a time, you have one car in the intersection at a time. If cars follow, the total throughput is higher.
(Perhaps the less accidents claim is true, but only because you've reduced the transactions per second.)
Re: (Score:2)
Actually transactions per second increases as well - the trick of course is that there's an adjustment period. If you take a bunch of people accustomed to being told exactly what to do it may take weeks before they adjust to actually paying attention and figuring things out for themselves on an ongoing basis.
Who said anything about cars going one at a time? - without any traffic signs you can pack that intersection just as full of cars as will fit - if for example someone is taking a left turn (wide for yo
Re: (Score:3)
Actually transactions per second increases as well - the trick of course is that there's an adjustment period. If you take a bunch of people accustomed to being told exactly what to do it may take weeks before they adjust to actually paying attention and figuring things out for themselves on an ongoing basis.
Who said anything about cars going one at a time? - without any traffic signs you can pack that intersection just as full of cars as will fit - if for example someone is taking a left turn (wide for you non USers) all four incoming paths can also be making right turns simultaneously. And there's no reason the lane he's merging into can't be flowing as well. Even cross-traffic can keep flowing if there are suitable gaps to permit it. Chaotic? Yes, but also efficient so long as everyone is paying attention.
The problem with it, and the reason that we have traffic signals, is that the success of an unregulated intersection relies on nobody making any mistakes in a complex and confusing situation.
Re: (Score:1)
And yet it works. Safer and faster than when things are neatly organized. So long as everybody is expecting a confusing situation and reacts accordingly everything works out. By and large people aren't idiots, they just *act* like idiots when they're on autopilot. Add just a touch of confusion and fear and all of a sudden they start paying attention to what they're doing, and the occasional idiot can muddle through since the others are paying attention. When two idiots encounter each other... well they
Re: (Score:2)
Exactly. There was an offset 4 way intersection that had stop signs instead of lights. They replaced it with lights and traffic definitely flowed better with the stop signs
Re: (Score:2)
Good point.
This behavior suggests that there may be a problem with Google's driverless cars wrt safely handling intersections where the lights are out.
I believe Nevada is the only state where driverless cars are illegal. How are they handling it?
Re: (Score:2)
An interesting question. I would assume though that there are enough unmarked intersections in the country that the car knows how to handle them, and the improved situational awareness and reaction times would probably make it one of the safest "drivers" passing through, with one caveat: It provides no eye contact. When navigating disorganized traffic human drivers tend to fall back on non-verbal driver negotiations, a driverless car doesn't have that option.
Re: (Score:2)
When I think about it, there is the more general category of courteous driving where I do not see how the driverless car could participate in the traffic flow in the same way that human drivers do. I have never thought about how often it happens, but probably more than once a day I am either giving someone the right of way because it is the courteous thing to do, such as letting them change lanes in front of me, or I am benefiting from their courtesy, such as maybe they are letting me take that prime parkin
Re: (Score:2)
Agreed. Perhaps the driverless cars could default to "courteous mode", but it seems like it's often kind of subtle as to what exactly that would entail.
As for road rage - I sort of doubt the person in the driverless car would become enraged, after all while their trip still take time it no longer takes attention so they probably won't even notice the asshole that just cut them off - how often do you get truly annoyed by another car when traveling as a passenger? On the other hand if your virtual chauffeur
Re: (Score:3)
'Die Hard' reference, boys & girls...
Re: (Score:2)
What about the original The Italian Job?
http://www.imdb.com/title/tt0064505/?ref_=sr_2 [imdb.com]
Re: (Score:2)
What about the original The Italian Job?
http://www.imdb.com/title/tt0064505/?ref_=sr_2 [imdb.com]
That is what I was thinking with Benny Hill as the professor (techie who also is compusive p0rn addict) responsible for corrupting the traffic system. Lead job man played by Michael Caine recruits this guy by arranging couple "fun" girls for him.
Re: (Score:2)
Re: (Score:2)
In a younger day, I used to drive taxi in Boston. Back then there was only one traffic jam per day, from 6:00 am until 3:am the following day. It rarely involved more than 70% of the city streets.
Now I live in Oregon where slow moving herds of elk sometimes cause traffic jams on the road to the beaches.
Re: (Score:2)
Of course he's an idiot. You need to change them green along your route.
Re: (Score:2)
I can't help but think cause a big enough traffic jam... and one of those commuters may just show up on your doorstep one day, and being a hacker, he's probably going to be a lot bigger than you.
not too surprising (Score:5, Insightful)
The integrity of the crowdsourced traffic data depends entirely on trusting the client, in this case the Google-controlled Android software that sends back the data. If you figure out how to replay that, then you can pollute the data.
Re: (Score:3, Interesting)
Re: (Score:2)
It used to be terribly inaccurate and I would resort to using Yahoo maps for traffic.
Re: (Score:2)
Google has also been pretty good in Metro Portland area, Oregon. Same for my Garmin Nuvi.
I live near the I-5 bridge over the Columbia River, and when that drawbridge goes up, it sometimes affects roads miles north and south of the river, as drivers use city streets to get to the I-205 bridge.
Re: (Score:2)
Sorry for you. In Europe, it's pretty good...
Re: (Score:2)
"Anyways, traffic data is so unreliable, it is a joke. Actual traffic is often the exact opposite as the traffic data I get in my car. I don't know for the US, but in Canada, it is completely useless."
That must be because of people using this trick.
They simulate heavy traffic in their area so that people get routed around their home so that they can sleep without all that traffic noise.
It's the only use this has.
Re: (Score:2)
Depending on how swiftly and convincingly the malicious client(s) can fake new identities, a 'crowdsourced' mechanism may boil down to 'trusting most of the clients, most of the time'. rather than 'trusting the client, full stop'.
That is a much messier case than actually being allowed to trust the client, but if you can constrain a malicious client's ability to spoof identities, you have a much better chance of being able to crowd out the bad data, especially with something like traffic(where, if the 15 use
Re: (Score:3)
Yeah, if they could cross-reference the GPS-reported location with a rough bounding box from the ISP, that could greatly restrict the data spoofing. But I'm not sure how easy that is to do. Do ISPs even have a mechanism where they could report approximate locations of phones in real-time? Is it legal to do so? I know they can go through logs in response to law-enforcement requests, but not sure how real-time that ability is, or whether telecom laws restrict their ability to share the data.
Re: (Score:2)
What would be ideal is a combination of the above. The telco could provided a hashed/salted [1] value from existing ESN/IMEI numbers, then combined with a rough box handed from ISPs or the telco.
That way, one must have an IMEI in the area in order to affect data. Of course, someone can always have their device state that a jam is happening, but it can be "modded down" by other devices.
[1]: The salt changes every 5 minutes, so Google knows a number for just that long and no longer. Of course, things can
Re: (Score:2)
It would eliminate people sitting in their bedrooms messing with traffic data in random places just for kicks. But if anyone was doing this for a reason (improve traffic flow on their own route, route traffic away from their house), they would be doing it locally, so you'd have to do a bit more than correlate cell towers with reported position.
Re: (Score:2)
I agree completely. The *provenance* of data and the *procedures* used to collect, filter, and process it, critically affect its reliability. Yet even intelligent people seem not to get that. I say "how do you know the data is any good?" to friends and colleagues and they give me blank looks. But this is exactly what you need to know in order to decide whet
Not a problem. . . (Score:4, Insightful)
if you don't bother to use these systems.
Considering the amount of time people spend checking to see which route is preferable, unless that route is at least 10 minutes shorter, there is no significant reason to alter your route.
The obvious exception being total gridlock, highway construction and the like.
It's like people who drive around looking for the cheapest gas not understanding they're burning fuel to save that 2 cents per gallon which negates their cost savings.
Re: (Score:2)
Considering the amount of time people spend checking to see which route is preferable, unless that route is at least 10 minutes shorter, there is no significant reason to alter your route.
Hmmm, I don't think that's right. As I walk to my car, I pull out my phone and see that the Waze widget (or Google Now if you prefer) says 19 minutes to home. Done. How did I waste time? Worst case, it has a longer-than-usual time and I turn on the navigation. What does that take, an extra 30 seconds at the outside?
Re: (Score:3)
What are the odds that they are now or will eventually intentionally take you off the optimal route to view paid for advertising?
Pretty low, or I'd stop using the app!
I'm not sure I'd describe my use of the GPS as "blindly", either. The other day it tried to get me to make an illegal turn. Damned if I didn't survive it by, you know, ignoring the bad directions.
Re: (Score:2)
I check the routes to see if traffic conditions are changing. For most of my commute, the condition options are this:
1. No delay
2. 2-5 minute delay
3. 40 minute delay.
You may wonder, 'so what? Don't reroute on the 2-5 minute delays, like I said'. However the problem isn't that it is a 2-5 minute delay which persists for 30 minutes, it's a 2-5 minute delay which persists for 5 minutes before turning into the 40 minute delay.
On my route, if there is any sort of traffic condition, it quickly escalates in
Traffic Jams? (Score:3)
Barf: The minute we move in they're gonna spot us on their radar.
Lone Starr: Nuh-uh.
Barf: Uh-huh.
Lone Starr: Nuh-uh.
Barf: Uh-uh.
Lone Starr: Nuh-uh. Not if we jam it.
Barf: Aha! You're right.
Lone Starr: Down scope.
Barf: Down scope.
[puts down a periscope and targets the Spaceball 1's radar dish]
Barf: Radar about to be "jammed."
[then, a huge jar of "jam" smashes into the dish]
Re: (Score:2)
Somehow, it's not as funny if you have to explain it.
Apple Data (Score:3)
Re: (Score:3)
Anything is better than Sirius. That traffic system is horrible. It will often show me "Green" for a highway even though it's bumper-to-bumper for miles.
In all of those situations, Google had already refreshed as the red/black criss-cross "DO NOT GO HERE" line
Most traffic is not guided by Google or Waze (Score:2)
So the impact on traffic conditions is likely to be negligible. The best you can do is annoy those who do you Google Maps or Waze by guiding them into the traffic jams they are trying to avoid. But considering the unreliability and time variability of traffic reporting the victims probably won't even notice that they've been fooled.
Perhaps in a future of self-driving cars that always follow Internet sourced navigation this will be more important. I think there is for navigation vendors to tighten their s
Nice things (Score:4, Insightful)
This is another example why we can't have nice things. Some malicious person will find a way to screw it up for no better reason than fun.
It worked! (Score:3, Funny)
Won't make a difference. (Score:3)
I can't imagine this would affect many people. Most people stuck in traffic don't have a choice, they're there because it's a part of their daily commute. I check traffic maps on a daily basis, but it's most just to confirm that, yes, it's as bad as it is every other day. I then proceed to go local.
So the rarer instances where it's handy is if conditions are particularly severe or if there's a jam somewhere you normally wouldn't encounter one. However, even then, there aren't always viable alternatives. Take the New York City area. Unless you can circumvent the region altogether there's no viable alternative, it's all varying degrees of bad.
Not that urban planners and traffic engineers need the help. Some of the decisions they make leave me wondering if they're mentally disabled or trolling the driving public. A couple of the major avenues across my city have light cycles that pretty much guarantee you're going to be stuck at every red if you're driving at or close to the speed limit. Secondary side streets are given far too much priority. Hackers could only improve things.
and... (Score:1)
Re: (Score:2)
Can you hook me up with a script or Android app to make this easy.
Most people here prefer to get hooked up with a person. Scriptsex is next door.
Re: (Score:3)
"Traffic has me on the edge of taking a hostage."
That way you can use the Carpool lanes.
Technically interesting, practically useless (Score:4, Insightful)
In other news... (Score:4, Insightful)
assholes can use computers to aid and abet their assholery.
We sell traffic data... (Score:1)
One of the things my employer does is embed GPS units into *fleets* of trucks that are connected to the trucks speedometers and other systems. This is in partnership with the truck manufacturers and clients (think of multiple fleets of 500 to 10,000 trucks and vans constantly tracked by corporate overlords for multiple business reasons). As a result, we have actual speed and positions from multiple clients at any given location in the markets we service aggregated/anonymized/compressed. We sell access to ou
Depends on where you live (Score:3)
Now that I think about it, in some places, creating a traffic jam is not that hard. Here in Boston, traffic jams happen whenever it snows, whenever it rains, when the sky is clear and the sun is low in the sky (the traffic report calls it "solar glare"), when there's an accident (even in the opposite direction on an interstate highway: "curiosity delays"), whenever there's a Red Sox game or other event at Fenway Park, and when there's road construction. So based on the frequency of traffic jams and the diversity of causes, it does not seem to take much to cause a traffic jam around here. Rural Nebraska might be another story.
Now, to use faked traffic data to *prevent* a traffic jam, that would be a truly noteworthy hack!
They can also take control of your actual cars (Score:1)
Self-directed cars are nature's way of saying "Let the hacker crash me for fun".
Oh, but we're not supposed to talk about that fact.
What dicks (Score:1)
That's all I want to say, lol