It’s a tense scene. The hero is trying to get across a crowded city during rush hour to stop the dastardly villain when suddenly type-type-type, the villain hacks the city’s traffic lights and causes chaos. Nonsense, right? Nope. Turns out, that tired old trick is actually fairly easy to pull off. Hope you didn’t have any villains to stop today.
In a paper beautifully titled “Green Lights Forever: Analyzing the Security of Traffic Infrastructure” a team of researchers at the University of Michigan tested the traffic light system of an undisclosed city in Michigan with the cooperation of that city’s road department. They exploited the fact that the traffic light system used 5.8GHz and 900MHz radios, not hard-wired networks to communicate.
Neither frequency was particularly secure, but the 5.8GHz was the easiest to exploit. In the paper, the authors wrote:
None of the radios used in the network we studied made any attempt to conceal or encrypt their traffic. In the case of the 5.8 GHz radios, any attacker with a wireless card capable of 5.8 GHz communication is able to identify the SSIDs of infrastructure networks.
The protocols for the 5.8GHz connection are similar to those of 802.11 used in laptops and smartphones. Those devices can see the networks for the traffic lights easily, but connecting is more involved so the team simply used the same model of radio that was used for the network.
The authors describe different scenarios attackers may use, including locking all lights to red to completely hold up traffic, or a slightly less severe version where disruptions to the network are simply used to slow traffic down. Interestingly, they also suggest that a person would be able to automatically change lights to green automatically as they approach.
Since figuring out how to hack a city’s traffic lights and then publishing what is essentially an instruction manual for doing it could be considered irresponsible, the research team also included recommendations for how cities might better protect their traffic light networks. Their recommendations include firewalls, wireless security, firmware updates, and changing the default credentials to the networking equipment. Basically all the same stuff geeks do when their grandparents buy a new router.
You can read the full paper online here for more details about
how to totally hack traffic lights! how the team performed their research.