Hacking Traffic lights is a serious menace for the population, many individuals believe that it is possible only in the movies, but unfortunately is a scaring reality.
‟We investigate a networked traffic signal system currently deployed in the United States and discover a number of security flaws that exist due to systemic failures by the designers. We leverage these flaws to create attacks which gain control of the system,and we successfully demonstrate them on the deployment in coordination with authorities. OOur attacks show that an adversary can control traffic infrastructure to cause disruption, degrade safety, or gain an unfair advantage,”
“The vulnerabilities we discover in the infrastructure are not a fault of any one device or design choice, but rather show a systemic lack of security consciousness,” states the paper.
The 900MHz links used in the traffic light systems implement “a proprietary protocol with frequency hopping spread-spectrum (FHSS),” but the 5.8GHz version of the proprietary protocol is similar to 802.11n.“The proprietary protocol is similar to 802.11 and broadcasts an SSID which is visible from standard laptops and smartphones but cannot be connected to. In order to properly connect, a slave radio must use the proper protocol and know the network SSID. The wireless connections are unencrypted and the radios use factory default usernames and passwords. The conﬁguration software for these radios accepts customized credentials but assumes that the same username and password are used across all
radios on the network.” states the paper.
“By sniffing packets sent between the controller and this program, we discovered that communication to the controller is not encrypted, requires no authentication, and is replayable. Using this information, we were then able to reverse engineer parts of the communication structure,” the paper reads.
Once again an unprotected communication allowed the researchers to reverse engineer the protocol used in the communication, once controlled the debug port the experts were able to send commands to control lights or alter the timing of neighboring intersections.
“Various command packets only differ in the last byte, allowing an attacker to easily determine remaining commands once one has been discovered. We created a program that allows a user to activate any button on the controller and then displays the results to the user. We also created a library of commands which enable scriptable attacks. We tested this code in the field and were able to access the controller remotely.”
“While traffic control systems may be built to fail into a safe state, we have shown that they are not safe from attacks by a determined adversary,” the paper concluded.