Several months ago, one particularly clever and well-accomplished hacker discovered a wide-open vulnerability in the traffic control systems of huge U.S. cities, including Washington, New York City, San Francisco, Los Angeles, and Seattle that allows him—or anyone, really—to take control of sensors that manage traffic lights around the city.
Cesar Cerrudo, Chief Technical Officer at IOActive Labs, showed off the vulnerability in New York City earlier this year. Now, he’s showing the world just how easy it is to jump deep inside and take control of Washington, D.C.’s traffic system with a new YouTube video.
Cerrudo stressed that “no hacking was performed” to create the video—he merely looked at the data with a wireless sniffer and access point in order to confirm that nothing was encrypted, “and that sensors and repeaters could be completely controlled with no authentication necessary.”
The vulnerable sensors, manufactured by Sensys Networks, can be found around the world in cities in the United Kingdom, France, Australia, China, and more. The sensor, described as “ virtually maintenance free,” costs about $500.
“Approximately $100,000,000 of vulnerable equipment is buried in roads around the world that anyone can hack,” Cerrudo wrote.
Cerrudo, who will deliver a presentation on this subject at the 22nd Def Con hacker conference in Las Vegas next month, said that Sensys Networks was uncooperative—and that lack of cooperation is exactly what drove him to perform live research on real deployments in various U.S. cities.
Cerrudo says his presentation “will tell the whole story from how the devices were acquired, the research, on site testing demos, vulnerabilities found and how they can be exploted, and finally some NSA style attacks.”
“Oh, I almost forgot,” Cerrudo added. “After this presentation, anyone will be able to hack these devices and mess traffic control systems since there is no patch [is] available (sorry didn’t want to say 0day ;)) I hope that after this I still be allowed to enter (or leave?) the U.S.”
Sensys did not respond to our request for comment. Several months ago, however, the company’s vice president of engineering told Wired that the Department of Homeland Security was “happy with the system.”
Photo via Patrick Nouihaller (CC BY SA 2.0)