Flaw found in electronic traffic control that allows hacker to control traffic

1 May 2014

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

An online security team in the US has found that for even for the most moderately-skilled hacker, there exists the ability to hack the data points of thousands of traffic-management systems across the world.

While appearing in many technology-driven Hollywood movies and even the upcoming video game Watch Dogs, the ability to hack into a city’s infrastructure and cause chaos or suit a person’s intentions would still be considered something of a work of fiction.

However, Cesar Cerrudo of security penetration testing firm IOActive has reportedly found 50,000 devices across some of the world’s biggest cities can be accessed with gear that can be obtained for little more than US$100.

The company released a blog post about Cerrudo’s findings which would allow anyone to take complete control of the devices and send fake data to traffic-control systems.

To emphasise the point of how easy it actually was, they also equipped a small drone aircraft with a wireless transmitter than could access the traffic relay’s signal from a height of 650 feet, far from the eyes of any authorities on the ground.

Amazingly, Cerrudo and his team had gone to the vendor of the devices used to monitor traffic, but were told that they had no intention of changing the encryption or software on them because they were designed to be easily accessed by multiple authorities, leaving them incredibly exposed.

As they go into in their blog: “For instance, regarding one of the vulnerabilities, the vendor said that since the devices were designed that way (insecure) on purpose, they were working as designed, and that customers (state/city governments) wanted the devices to work that way (insecure), so there wasn’t any security issue. Yes that was the answer, I couldn’t believe it.”

With the ability to access these thousands of points remotely, a person could, with the click of a mouse, cause traffic jams and problems at intersections, make traffic lights stay a colour longer than normal or remain on entirely or even change digital speed limits and roadside instructions at will.

Traffic jam image via Shutterstock

66

DAYS

4

HOURS

26

MINUTES

Get your early bird tickets now!

Colm Gorey is a journalist with Siliconrepublic.com

editorial@siliconrepublic.com