Tuesday, August 26, 2014

Alex Halderman's Team at University of Michigan Study Traffic Light Security

New TerraSwarm faculty member, Alex Halderman and his team at the University of Michigan,  made news with their recent paper "Green Lights Forever: Analyzing the Security of Traffic Infrastructure," presented at the Workshop on Offensive Technologies (WOOT) at USENIX Security 2014 in August. Their research found that the state's traffic light infrastructure is relatively easy to hijack.  With the permission of the Michigan Traffic Authority, they were able to take control of a system of nearly 100 wireless networked traffic lights and successfully change the light commands.

According to their research:
"With the appropriate hardware and a little effort, [a hacker] can execute a denial of service attack to cripple the flow of traffic in a city, cause congestion at intersections by modifying light timings, or even take control of the lights and give herself clear passage through intersections."
Hacking the traffic lights is possible from half a mile away with nothing more than a laptop and wireless card that operates on the same 5.8-gigahertz frequency as the traffic lights.  Unencrypted wireless signals, default usernames and passwords and the use of a traffic controller were the primary reasons they were able to hack into the lights so easily.

Team members concluded:
"While other deployments may use different wireless radios or even wired connections between intersections we have no reason to believe there are any fundamental differences between the network we studied and other traffic signal systems. We believe that many traffic infrastructure devices created by various vendors and installed by various transportation departments will have similar security properties due to a lack of security consciousness in the entire field."

To read more, a simple google search will yield numerous articles about this research.
The three articles quoted for this blog post are listed below:

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.