Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Security Transportation

Researchers Find Easy To Exploit Bugs In Traffic Control Systems 50

Posted by samzenpus from the red-light-green-light dept.
Trailrunner7 (1100399) writes "It has been a running joke in the tech industry for years that the hacking scenes in movies are, well, a joke. Hackers in hoodies pushing a few keys and taking down the power grid or causing massive traffic pileups by turning all the stoplights green at once. While those scenes provide endless entertainment for security folks, it turns out some of those attacks aren't so far-fetched. Cesar Cerrudo, a researcher and CTO at IOActive, decided to take a look at the security of some of the devices that control traffic lights and electronic signs in many cites around the world, and found that not only were the devices vulnerable to a number of attacks, but they could be exploited quite easily and perhaps could be used to spread malware from device to device. Cerrudo said that the vulnerabilities he identified can be exploited from up to a mile or two away with the right equipment."
This discussion has been archived. No new comments can be posted.

Researchers Find Easy To Exploit Bugs In Traffic Control Systems More

Researchers Find Easy To Exploit Bugs In Traffic Control Systems

Comments Filter:

  • Easy peasy (Score:5, Informative)

    by kimvette ( 919543 ) on Wednesday April 30, 2014 @07:54PM (#46885445) Homepage Journal

    Easy but regulated by federal law.

    See:
    http://en.wikipedia.org/wiki/T... [wikipedia.org]
    http://www.themirt.com/ [themirt.com]
    http://boingboing.net/2006/04/... [boingboing.net]
    http://www.advancedtraffic.com... [advancedtraffic.com]

    There are several standards in use - ~10Hz, ~12Hz, and ~15KHz

  • Re:low impact (Score:4, Informative)

    by pipedwho ( 1174327 ) on Wednesday April 30, 2014 @09:00PM (#46885819)

    It is unlikely that the controller is able to set multiple cross signal lights to green at the same time. I did some work on one these systems about 20 years ago, and it contained circuitry (and physical switches to set the system) to lock out that kind of thing from happening (due to either a bug in the code, a failed code update, or in this case a hack). I assume newer units would have a small supervisory microcontroller to detect other anomalies, but either way if something went wrong the circuitry forced all light stacks to flash orange.

    This doesn't mean there aren't safety critical systems out there that have been designed by cowboy or non-embedded coders (like the current crop of ATMs that are far slower and unresponsive than previous models and probably have never felt the touch of an embedded systems expert).

    But, it is unlikely that a hack can cause accidents, beyond frustrating motorists by setting the lights red, or forcing one set continuously green.

  • Re:low impact (Score:4, Informative)

    by LoyalOpposition ( 168041 ) on Thursday May 01, 2014 @09:16AM (#46888295)

    I would be surprised if real traffic light controllers did not have such a safety module.

    They do. I worked for a company in 2005 that designed and manufactured traffic light controllers. We bought a standard module from a different company that just watched for conflicting signals, and switched the intersection to all flashing red if it ever saw one. Of course, it was a micro-computer, not an Electrical Engineering class project, but it wasn't connected to the internet and it didn't have any wireless communications ability, so it couldn't be hacked by anything short of physical presence and hand tools.

    ~Loyal

Slashdot Top Deals

"The one charm of marriage is that it makes a life of deception a neccessity." - Oscar Wilde

Close