Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Researchers Find Easy To Exploit Bugs In Traffic Control Systems

samzenpus posted about 9 months ago | from the red-light-green-light dept.

Security 50

Trailrunner7 (1100399) writes "It has been a running joke in the tech industry for years that the hacking scenes in movies are, well, a joke. Hackers in hoodies pushing a few keys and taking down the power grid or causing massive traffic pileups by turning all the stoplights green at once. While those scenes provide endless entertainment for security folks, it turns out some of those attacks aren't so far-fetched. Cesar Cerrudo, a researcher and CTO at IOActive, decided to take a look at the security of some of the devices that control traffic lights and electronic signs in many cites around the world, and found that not only were the devices vulnerable to a number of attacks, but they could be exploited quite easily and perhaps could be used to spread malware from device to device. Cerrudo said that the vulnerabilities he identified can be exploited from up to a mile or two away with the right equipment."

Sorry! There are no comments related to the filter you selected.

LAX (2, Funny)

JustOK (667959) | about 9 months ago | (#46885413)

Yah, and LAX had probs today. Coincidence?

Re:LAX (2, Funny)

ColdWetDog (752185) | about 9 months ago | (#46885453)

Never attribute to malice that which is adequately explained by incompetence.

Re:LAX (2)

sexconker (1179573) | about 9 months ago | (#46885479)

Never attribute to malice that which is adequately explained by incompetence.

Why not? Because you like the sound of that quote?

Re:LAX (2)

beelsebob (529313) | about 9 months ago | (#46885655)

No, because it turns out that the quote is right most of the time.

malice vs. incompetence fight! (2)

turkeydance (1266624) | about 9 months ago | (#46885521)

tonight's referee is ignorance.

Re:LAX (0)

Anonymous Coward | about 9 months ago | (#46885743)

Or the lowest bidder, which is probably just an example. But is it an example of malicious boards padding their pockets? Or incompetent contractors padding their pockets?
I've found you can spend a lot of money and not get the best. But you can always buy REALLY cheap junk.that isn't intended for the job at hand.

Re:LAX (1)

Anonymous Coward | about 9 months ago | (#46886551)

Never attribute to LAXatives that which is adequately explained by incontinence.

Re:LAX (1)

Z00L00K (682162) | about 9 months ago | (#46886937)

The security model is on a level that match the daily users of the system. When high tech is placing out cones and operating a shovel then a password more complicated than ABC123 will just result in a temporary sign not being used, it's easier to put up more cones instead. Or park a truck in the lane you want to block.

Re:LAX (3, Funny)

BronsCon (927697) | about 9 months ago | (#46885461)

LAX: It's not just an airport, it's our security model!


billstewart (78916) | about 9 months ago | (#46887359)

Most traffic light controllers used to be relatively immune to hacking; if they weren't the dumb relay versions, they had at most a 4-bit microcontroller. Some of the newer systems can do a lot more, coordinating timing and the like, but with the older ones, the most you could do was emulate the emergency vehicle "make the lights green in my direction" feature.

But signs? Yeah, they've got potential. I've never been tempted to change them significantly, but some days I've really wanted to shorten 3-panel messages down to 1 or 2, so that you could figure out what they're trying to say while driving by at whatever speed the highway is doing.


mrchaotica (681592) | about 9 months ago | (#46898173)

some days I've really wanted to shorten 3-panel messages down to 1 or 2, so that you could figure out what they're trying to say while driving by at whatever speed the highway is doing.

Whoever programmed such a 3-panel message is irresponsible. There is long-established research (mostly by a researcher at Texas A&M named Conrad Dudek) that gives guidelines for how to design CMS messages, and one of the most basic guidelines is "motorists don't have time to read 3 screens worth of information."

(Some of that research is pretty interesting, especially if you're working in a traffic management center, it isn't rush hour, and you have nothing better to do.)

By the way, fixed CMSs managed by people for whom it is their full-time job are much more likely to have reasonable messages than the portable CMSs used in construction zones. I look forward to the day when they finally install some damn modems in the things so they can be managed from the TMC...

Easy peasy (5, Informative)

kimvette (919543) | about 9 months ago | (#46885445)

Easy but regulated by federal law.

http://en.wikipedia.org/wiki/T... [wikipedia.org]
http://www.themirt.com/ [themirt.com]
http://boingboing.net/2006/04/... [boingboing.net]
http://www.advancedtraffic.com... [advancedtraffic.com]

There are several standards in use - ~10Hz, ~12Hz, and ~15KHz

Re: Easy peasy (1)

supersat (639745) | about 9 months ago | (#46885489)

Part of the trailer shows a TI SmartRF 802.15.4/ZigBee sniffer. It's probably unrelated to the traffic prioritization signals.

This just in... (1, Insightful)

Anonymous Coward | about 9 months ago | (#46885507)

Things that can be hacked:

Your front door: battering ram, sledgehammer, or even less for most doors. How often is nobody home and your home vulnerable to this simple attack?

All glass windows, especially those thin ones on residential homes.

Banks, bring a gun and a note.

Why aren't these things a problem? Because: a) most people aren't schmucks, and b) for those who are, there are police who enforce laws and generally keep order - find people who cause mayhem, arrest them and remand them for judgement.

Incase anybody thinks they are invisible when using a computer and thus immune to capture and prosecution, put yourself in category b) above, try making big mayhem as described in TFA and see how long you get away with it.

Signed: AC

Re:This just in... (2, Insightful)

Anonymous Coward | about 9 months ago | (#46885943)

Yes, and traffic signals are susceptible to failure by bulldozing. There is a difference between brute forcing something in a way that is immediately obvious, and using some subtlety that can put time and distance between the cause and noticed effect. You could knock down a door, or learn various lock picking methods, some of which require very little time and skill, and use a locked door without getting noticed for possibly a long time (unless you do something stupid).

Re:This just in... (0)

Anonymous Coward | about 9 months ago | (#46887861)

If somebody smashes all the traffic lights, at least drivers will notice that there is something missing, and may slow down to anticipate an abnormal traffic situation.
However, if the traffic light looks perfectly normal, and the light is green, people will not think much of it, and cross. If the light is green both sides, this is a big problem.

The issue here is not if and how to catch the hackers. It's to protect potential victims. I know that this is becoming a cliche with all the War on Terror. However, the traffic lights in your neighborhood won't be on the Al Quaida hit list. But some local guy may want to try to see if they can hack it and make a funny movie.

Duh... (1)

the_skywise (189793) | about 9 months ago | (#46885535)

Anybody who saw the Hackers movie would've noticed that...


Re:Duh... (0)

Anonymous Coward | about 9 months ago | (#46885597)


low impact (1)

CarsonChittom (2025388) | about 9 months ago | (#46885555)

I'm just not convinced that an attack on traffic lights, even if successful, would have that much impact. Would there be more accidents, and potentially injuries? Absolutely. But on the scale of the country? Most folks pay attention to more than just what the light says—if another car is speeding crossways, they're going to stop, even if they themselves have a green light.

I'm willing to be convinced, but I just don't see it.

Re:low impact (1)

JustOK (667959) | about 9 months ago | (#46885603)

My grandfather died waiting for the light to turn green, you insensitive clod!

Re:low impact (0)

Anonymous Coward | about 9 months ago | (#46886013)

Really? You're still doing this fucking "insensitive clod" shit? How long has it been? Eight? Ten years? Of the same fucking joke.

Jesus Fucking Christ, no wonder this website is in the toilet.

Re: low impact (0)

Anonymous Coward | about 9 months ago | (#46886377)

- posted from my phone on the toilet

Re:low impact (1)

JustOK (667959) | about 9 months ago | (#46887671)

He JUST died. It was a long light.

Re:low impact (3, Informative)

pipedwho (1174327) | about 9 months ago | (#46885819)

It is unlikely that the controller is able to set multiple cross signal lights to green at the same time. I did some work on one these systems about 20 years ago, and it contained circuitry (and physical switches to set the system) to lock out that kind of thing from happening (due to either a bug in the code, a failed code update, or in this case a hack). I assume newer units would have a small supervisory microcontroller to detect other anomalies, but either way if something went wrong the circuitry forced all light stacks to flash orange.

This doesn't mean there aren't safety critical systems out there that have been designed by cowboy or non-embedded coders (like the current crop of ATMs that are far slower and unresponsive than previous models and probably have never felt the touch of an embedded systems expert).

But, it is unlikely that a hack can cause accidents, beyond frustrating motorists by setting the lights red, or forcing one set continuously green.

Re:low impact (1)

xfade551 (2627499) | about 9 months ago | (#46887225)

Yeah, it would be pretty easy to program a GAL or an FPGA to output an "all-red" signal if there are conflicting signal conditions output by the microcontroller. (A traffic-light controller built with only such parts is a common 200- or 300-level Electrical Engineering class project). I would be surprised if real traffic light controllers did not have such a safety module.

Re:low impact (3, Informative)

LoyalOpposition (168041) | about 9 months ago | (#46888295)

I would be surprised if real traffic light controllers did not have such a safety module.

They do. I worked for a company in 2005 that designed and manufactured traffic light controllers. We bought a standard module from a different company that just watched for conflicting signals, and switched the intersection to all flashing red if it ever saw one. Of course, it was a micro-computer, not an Electrical Engineering class project, but it wasn't connected to the internet and it didn't have any wireless communications ability, so it couldn't be hacked by anything short of physical presence and hand tools.


Re:low impact (1)

xfade551 (2627499) | about 9 months ago | (#46889071)

I mainly mentioned the class project to point out that it can be done at the hardware level without too high a grade of difficulty.

Re:low impact (1)

daid303 (843777) | about 9 months ago | (#46887497)

I worked in this area 5 year ago. The switches have been replaced by a 2nd CPU which handles safety, and cannot be overridden from the main CPU.

So, all-green cannot happen. But the systems are far from safe. System I worked on was based on Linux, had pretty much an open-telnet server running. But is intended to run on a private network, not connected to the internet. However, connecting to this network you could own all the lights in seconds.

But, as you say, the value of this would be low. You could disrupt traffic flow for a while. But that's it.

Re:low impact (0)

Anonymous Coward | about 9 months ago | (#46891667)

ATMs are running Windows. Its a joke, really it is. I might have hypotheticly watched a person hack a ATM while waiting to use it. I dont use them anymore.

Re:low impact (2)

drinkypoo (153816) | about 9 months ago | (#46886441)

Most folks pay attention to more than just what the light says

Lots of people don't pay any attention at all. That's why defensive driving is so important; someone must be paying attention, and assuming the other person isn't.

Sign story (4, Funny)

grub (11606) | about 9 months ago | (#46885599)

Back in the mid 80s I ran a BBS (Demented Data Systems) We used to to crap like run scans looking for modems. Anyhow, one of the users found something interesting: an electronic sign on top of a downtown office building here was accessible by modem with no password or anything. Just a banner with the company name, sign location and menu.

He set up a scroll for sometime late one particular evening saying "CALL DEMENTED DATA SYSTEMS - 555-5555 (insert real phone number). So that evening after many beers, the band of drunken ~18 year old geeks went out to the street corner across the road and watched. Sure enough, after what seemed like ages of waiting, there it was scrolling across the screen.

So, yeah, in the olden days some crap was pretty easy to play with.

Re:Sign story (5, Insightful)

greenwow (3635575) | about 9 months ago | (#46885683)

Great story. I really do miss wardialing.

Re:Sign story (1)

Anonymous Coward | about 9 months ago | (#46885719)

Apparently the moderators are newfags and aren't old enough to understand the term war dialing. There's absolutely no reason your post should have been moderated as trolling. It's sad how often the children here attack things they don't understand.

Re:Sign story (3, Insightful)

grub (11606) | about 9 months ago | (#46885735)

They still have wardialling, it's called nmap. :)

Re:Sign story (0)

Anonymous Coward | about 9 months ago | (#46887533)

automated systems used by telemarketers often use the same strategy... it's still in use, but you're just on the wrong end of the call.

The issue with movies isn't what gets hacked (3, Insightful)

DMUTPeregrine (612791) | about 9 months ago | (#46885617)

The issue with movies isn't what gets hacked, it's how fast the hacking happens. The hacker sits down at a computer, types some code for 10 seconds, doesn't compile it, and hacks a system they've never encountered before. There's no months of research to find a vulnerability, no scans of the target to find a known hole, just a bit of quick typing and then havoc ensues.

Real havoc takes work. It takes hours of looking through the output of a debugger and disassembler, running a fuzzer, etc, etc.

Sneakers movie was good with how stuff really work (2)

Joe_Dragon (2206452) | about 9 months ago | (#46885695)

Sneakers movie was good with how stuff really worked

Re:Sneakers movie was good with how stuff really w (0)

Anonymous Coward | about 9 months ago | (#46887319)

Also "War Games" presented hacking honestly. Mathew did a lot of research, found the person who designed the system, then researched the live of this person to find a backdoor password. The movie showed it took weeks of research.

And of course the term 'war dialling' and eventually 'war driving' was inspired by this movie.

Do you like to play a game?

Re:The issue with movies isn't what gets hacked (0)

Anonymous Coward | about 9 months ago | (#46886029)

The only people that even remotely think movies try to portray "hacking" in an accurate light... are fucking hackers. Everyone else understands that it's a fucking movie, not a goddamn documentary, and that some leeway is needed to get to the point in the confines of an hour and a half.

Yet fucktards on this shit site and others still complain about how unrealistic it is.

Yeah, no shit. It's also unrealistic that any "hacker" has ever looked like Angelina Jolie.

Re:The issue with movies isn't what gets hacked (0)

Anonymous Coward | about 9 months ago | (#46886173)

Your right. Kristina looks better.


Re:The issue with movies isn't what gets hacked (1)

Agent0013 (828350) | about 9 months ago | (#46888253)

For Hackers at least, I assumed (or suspension of disbelief trick) they were using hacks they had already figured out previously. I am referring in particular to when they were having the contest to harass the Secret Service guy. But I do get your point and other hacks in that movie and other movies do seem to happen pretty quickly with very little work.

Wanco signs (0)

Anonymous Coward | about 9 months ago | (#46885773)

At a previous position, I worked for a large university who had a number of wanco signs (tailers that are the programable text signs). They added a cell modem after the initial purchase as there were a number of them that ended up being semi-permanently in the middle of the road and the idea of updating them from a laptop from a parked vehicle vs hooking a laptop up in the middle of the road was appealing.

One day, a bunch of evacuation messages appeared on all of our signs; it turns out a number of our signs where one digit off (area code) from a similar group of signs in Florida. It turns out the only security on them was you needed the software to do the update (I suspect there was no encryption, so if you packet sniffed you could easily reverse engineer them), so once you had the software you could update any sign once you learned its number.

Could you imagine the panic you could cause with one of them? Warnings about a terrorist attack (causing panic) or even just a natural disaster.

Re:Wanco signs (1)

Agent0013 (828350) | about 9 months ago | (#46888269)

I remember a couple of years ago there was a sign like those that was "hacked" to show a message about a zombie outbreak. That is a pretty good one.

can you link to the actual story please? (1)

Anonymous Coward | about 9 months ago | (#46885953)

We have here a post with a summary linked to a summary that is linked to the actual article. Imagine the number of Facebook and Twitter shares Of this /. piece that will end up being summaries linking to a summary linking to a summary linking to the article. Silliness.

Right Angle Horror Show (1)

Anonymous Coward | about 9 months ago | (#46886195)

Although the design of newer signals in 1970 took great pains to avoid green lights on all sides of a signal it actually happened in Ft.Lauderdale about 1970 and the consequences were dramatic and involved injuries. Payment to victims was avoided as the company that installed the light pointed at the company that built the equipment who pointed at the company that shipped the light and then they pointed at the city as the city owned the light. They turned it into a game of being unable to point to the responsible party. It is astounding to see businesses do a cover up that was probably organized by all involved except for the people who were mutilated.

Re:Right Angle Horror Show (1)

davidwr (791652) | about 9 months ago | (#46886465)

In some states cities have immunity from being sued, so you don't even have to play the "blame each other game" - just make sure the city winds up with the blame.

Jams, yes, all-green-lights, probably not (3, Insightful)

davidwr (791652) | about 9 months ago | (#46886447)

I can see a hack that messed up the timing of traffic lights to create a traffic jam, but unless things have changed in the last decade or two, traffic lights in my country have "both way green light detectors" safeties.

If a light detects that it is green and a "conflicting" light is also green, the whole system will reset to a "safe mode" such as a 4-way flashing-red-light.

So, yeah, I think scenarios where a hacker or evil-computer-that-takes-over-the-city that turns the lights to green-in-all-directions is a bit far-fetched.

If I'm wrong, either the traffic engineer who didn't order the safeties put in, the installer who put the wrong thing in, or the manufacturer who didn't build the safeties safe enough needs to be called on the carpet.

Re:Jams, yes, all-green-lights, probably not (1)

SharpFang (651121) | about 9 months ago | (#46917547)

As one who works with these currently, I can confirm.
The main CPU has its software written in such a way, that you can't force green on two conflicting directions. Simply, the traffic program won't allow them, not through some emergency modes but just not starting a conflicting green until the prior one is lit and sufficient time after it went off was elapsed.
You could try to override it, say, redefining signal color definitions, "green is the new red", or even try to short-circuit the wires. But that is detected by the hardware and then the supervising CPU kicks in and simply trips the contactor disabling power to the signal lights. No 'emergency mode' which could still light up green in case of short circuit, no trying to make output modules not to output any signals in case a triac is fried, just general power off through a mechanical switch. (also, any output module that reports some kind of fault and doesn't get a reply within 300ms, it trips the same contact.)

What the attacker -could- do is change the traffic program - redefine assignments of signal groups, change the collision matrix - making both processor simply not see two groups as colliding. But to do so, they would need access to some highly specialized software for generating traffic programs, or painstakingly reverse-engineer the file already present in the controller, not a small feat.

Dumb (0)

Anonymous Coward | about 9 months ago | (#46887821)

These mostly aren't even connected to a net at all.
So a hack require physical access and would definitely be classified as a terrorist event. It also requires a high degree of knowledge of the infrastructure involved and likely postgraduate level of intellectual insight when it comes to conceiving and executing said hack. Not some script kiddie or dot russian criminal gangs thought of what would be productive or low hanging fruit.

Nobody focused on security (0)

Anonymous Coward | about 9 months ago | (#46890131)

Back when developers were doing these applications. They thought they were basically a closed end system that would not be subjected to hacking. This article is very much like a lot of scare articles that make for good reading and reek of Chicken little theories but show little actually events. Yes, we may actually have to consider this threat more as local systems become connected to larger networks. Such as a national electrical grid meant to monitor on a larger scale the system.
Traffic signals are certainly hackable but today most hacks spend time of things that will make them money not just for kicks or risk doing time for a crime of causing bodily injury to people who were caught in the effects of signal hacking. We do need to be more focused on security even on dedicated applications as we learned with the Stuxnet virus you can engineer a virus to affect certain hardware.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?