Forgot your password?
typodupeerror
Security Transportation

Researchers Find Easy To Exploit Bugs In Traffic Control Systems 50

Posted by samzenpus
from the red-light-green-light dept.
Trailrunner7 (1100399) writes "It has been a running joke in the tech industry for years that the hacking scenes in movies are, well, a joke. Hackers in hoodies pushing a few keys and taking down the power grid or causing massive traffic pileups by turning all the stoplights green at once. While those scenes provide endless entertainment for security folks, it turns out some of those attacks aren't so far-fetched. Cesar Cerrudo, a researcher and CTO at IOActive, decided to take a look at the security of some of the devices that control traffic lights and electronic signs in many cites around the world, and found that not only were the devices vulnerable to a number of attacks, but they could be exploited quite easily and perhaps could be used to spread malware from device to device. Cerrudo said that the vulnerabilities he identified can be exploited from up to a mile or two away with the right equipment."
This discussion has been archived. No new comments can be posted.

Researchers Find Easy To Exploit Bugs In Traffic Control Systems

Comments Filter:
  • This just in... (Score:1, Insightful)

    by Anonymous Coward on Wednesday April 30, 2014 @08:05PM (#46885507)

    Things that can be hacked:

    Your front door: battering ram, sledgehammer, or even less for most doors. How often is nobody home and your home vulnerable to this simple attack?

    All glass windows, especially those thin ones on residential homes.

    Banks, bring a gun and a note.

    Why aren't these things a problem? Because: a) most people aren't schmucks, and b) for those who are, there are police who enforce laws and generally keep order - find people who cause mayhem, arrest them and remand them for judgement.

    Incase anybody thinks they are invisible when using a computer and thus immune to capture and prosecution, put yourself in category b) above, try making big mayhem as described in TFA and see how long you get away with it.

    Signed: AC

  • by DMUTPeregrine (612791) on Wednesday April 30, 2014 @08:25PM (#46885617) Journal
    The issue with movies isn't what gets hacked, it's how fast the hacking happens. The hacker sits down at a computer, types some code for 10 seconds, doesn't compile it, and hacks a system they've never encountered before. There's no months of research to find a vulnerability, no scans of the target to find a known hole, just a bit of quick typing and then havoc ensues.

    Real havoc takes work. It takes hours of looking through the output of a debugger and disassembler, running a fuzzer, etc, etc.
  • Re:Sign story (Score:5, Insightful)

    by greenwow (3635575) on Wednesday April 30, 2014 @08:35PM (#46885683)
    Great story. I really do miss wardialing.
  • Re:Sign story (Score:4, Insightful)

    by grub (11606) <slashdot@grub.net> on Wednesday April 30, 2014 @08:42PM (#46885735) Homepage Journal

    They still have wardialling, it's called nmap. :)
  • Re:This just in... (Score:2, Insightful)

    by Anonymous Coward on Wednesday April 30, 2014 @09:22PM (#46885943)
    Yes, and traffic signals are susceptible to failure by bulldozing. There is a difference between brute forcing something in a way that is immediately obvious, and using some subtlety that can put time and distance between the cause and noticed effect. You could knock down a door, or learn various lock picking methods, some of which require very little time and skill, and use a locked door without getting noticed for possibly a long time (unless you do something stupid).
  • by davidwr (791652) on Wednesday April 30, 2014 @11:27PM (#46886447) Homepage Journal

    I can see a hack that messed up the timing of traffic lights to create a traffic jam, but unless things have changed in the last decade or two, traffic lights in my country have "both way green light detectors" safeties.

    If a light detects that it is green and a "conflicting" light is also green, the whole system will reset to a "safe mode" such as a 4-way flashing-red-light.

    So, yeah, I think scenarios where a hacker or evil-computer-that-takes-over-the-city that turns the lights to green-in-all-directions is a bit far-fetched.

    If I'm wrong, either the traffic engineer who didn't order the safeties put in, the installer who put the wrong thing in, or the manufacturer who didn't build the safeties safe enough needs to be called on the carpet.

It is wrong always, everywhere and for everyone to believe anything upon insufficient evidence. - W. K. Clifford, British philosopher, circa 1876

Working...