Researchers demo hack to seize control of municipal traffic signal systems

"" Enlarge
Michigan computer science researchers have demonstrated security flaws that exist in traffic control systems now in use throughout the country, leaving them vulnerable to attack.

Imagine the chaos that would ensue if an attacker were able to take control of a municipal traffic signal system, turning all lights simultaneously green to create massive gridlock and numerous collisions. Or a scenario in which criminals manipulate signals to create a getaway path or to block pursuing law enforcement. Could this happen in reality?

Computer science researchers working with Prof. J. Alex Halderman have demonstrated that a number of security flaws do indeed exist in commonly-deployed networked traffic signal systems that leave the systems vulnerable to attack or manipulation.

Their findings, published in the paper “Green Lights Forever: Analyzing the Security of Traffic Infrastructure,” were presented at the 8th USENIX Workshop on Offensive Technologies (WOOT ’14) on August 19, 2014.

The researchers, who included graduate students Branden Ghena, William Beyer, Allen Hillaker, and Jonathan Pevarnek, arranged with a road agency in Michigan to investigate a networked traffic signal system of a type commonly deployed in the United States and discovered a number of security flaws that exist due to systemic failures by the designers. They leveraged these flaws to create attacks and gain control of a system of almost 100 intersections, successfully demonstrating their attacks in coordination with authorities to ensure public safety. These simulated attacks showed that an adversary could control traffic infrastructure to cause disruption, degrade safety, or gain an unfair advantage.

Traffic systems typically use wireless radios to communicate, and the researchers found security flaws in these connections that allowed them to access the traffic lights. Other security issues with the traffic light controller allowed the team to change lights on command.

Of significance, the researchers report that “the vulnerabilities we discover in the infrastructure are not a fault of any one device or design choice, but rather show a systemic lack of security consciousness. We use the lessons learned from this system to provide recommendations for both transportation departments and designers of future embedded systems.”

****

Prof. Halderman is a noted computer security expert whose research places an emphasis on problems that broadly impact society and public policy. His interests include software security, network security, data privacy, anonymity, electronic voting, censorship resistance, digital rights management, computer forensics, ethics, and cybercrime, as well as the interaction of technology with law, governmental regulation, and international affairs. He is the director of the Center for Computer Security and Society.