- QAnon-touting congressman sneaks ‘Epstein Didn’t Kill Himself’ into tweets Wednesday 7:12 PM
- Ocasio-Cortez met a famous drag queen–and the right melted down Wednesday 6:09 PM
- Woman says Lyft driver tried to kidnap her Wednesday 5:18 PM
- Debunking the right-wing conspiracy theories from today’s impeachment hearing Wednesday 4:29 PM
- Maroon 5 approves of the latest TikTok trend Wednesday 3:54 PM
- ‘One month left in the decade’ meme wants to know what you’ve accomplished Wednesday 3:53 PM
- Facebook Pay is the latest way to send your friends money Wednesday 3:31 PM
- Diving into ‘The Mandalorian’s first big shocker Wednesday 3:17 PM
- Disney+ will allow password sharing—to an extent Wednesday 1:12 PM
- Black server says manager refused to discipline coworkers who sent racist receipt Wednesday 12:47 PM
- Who is Jonah Hauer-King, Disney’s new Prince Eric? Wednesday 12:47 PM
- Cut Katherine Langford ‘Avengers: Endgame’ scene lands on Disney+ Wednesday 12:22 PM
- Planned Parenthood app to show abortion-seeking users their nearest options Wednesday 12:21 PM
- ‘The Imagineering Story’ offers touching insight into Walt Disney’s vision Wednesday 11:57 AM
- YouTube mom who was charged with child abuse dead at 48 Wednesday 11:39 AM
Hacking traffic lights is insanely easy. Here’s how.
Every driver’s dream is suddenly a reality.
It has long been a dream of drivers the world over to make traffic lights instantly flip from red to green with the push of a button. A study published this month by computer scientists at the University of Michigan found that not only is hacking traffic signals to do your bidding possible, but it’s actually shockingly easy.
First getting permission from local authorities, the researchers used little more than wireless-enabled laptops to remotely hack into the network controlling the traffic lights in an unnamed Michigan city. ‟Our attacks show that an adversary can control traffic infrastructure to cause disruption, degrade safety, or gain an unfair advantage,” the paper’s authors explained.
When automatic traffic signals were first rolled out in the United States in the late 1800s, they operated mechanically as stand-alone units. However, as time wore on and technology advanced, most traffic signals evolved into computers, often connected to a larger network of other traffic lights through wireless technology and running through a central server. While these advances allow traffic signals to coordinate with each other more efficiently, it also opens those systems up to attack by hackers who no longer need to open up the physical devices in order to change their behavior.
Using computers that could communicate at the same frequency as the traffic signals, the team was able to intercept communications on the network and execute fraudulent commands across the entire system.
The researchers found that the system wasn’t particularly secure. Not only were the wireless communications between the traffic signals and the central server being sent unencrypted, but the passwords on the devices were set to their factory defaults—meaning anyone able to download a copy of the user’s manual off the Internet could crack them by simply turning to the right page.
‟The vulnerabilities we discover in the infrastructure are not a fault of any one device or design choice,” the study noted, ‟but rather show a systemic lack of security consciousness.”
The study posits that hackers could mount a whole range of attacks on traffic light systems. The authors speculate about denial of service attacks that could stop all lights from operating normally; traffic congestion attacks that subtly throw off the timing a light relative to its neighbors as to increase congestion without a high risk of detection; and light control attacks, where someone could ensure he or she only hits green lights wherever they happen to be driving.
The authors added that, even though traffic light systems around the country differ in their specific implementations, they don’t believe that others are necessarily significantly more secure than the one they were able to easily hack into. Vox notes that an estimated 62 percent of traffic lights in the United States are networked in a similar manner.
This study isn’t the first time someone has addressed insecurity of of traffic lights. Earlier this year, an Argentinian security researcher with IoActive presented similar discussion at at cybersecurity conference in Florida showing how someone could build a device for hacking traffic lights for under $100.
Additionally, at least one enterprising hacker has produced a step-by-step guide for building your own specialized controller for hacking traffic lights from the comfort of your own home.
The authors of the University of Michigan study charge that the problem of paying insufficient attention to cybersecurity concerns is endemic across the entire traffic signal industry. They conclude:
A clear example can be seen in the response of the traffic controller vendor to our vulnerability disclosure. It stated that the company, “has followed the accepted industry standard and it is that standard which does not include security.” The industry as a whole needs to understand the importance of security, and the standards it follows should be updated to reflect this. Security must be engineered into these devices from the start rather than bolted on later. Until these systems are designed with security as a priority, the security of the entire traffic infrastructure will remain at serious risk.
Aaron Sankin is a former Senior Staff Writer at the Daily Dot who covered the intersection of politics, technology, online privacy, Twitter bots, and the role of dank memes in popular culture. He lives in Seattle, Washington. He joined the Center for Investigative Reporting in 2016.