DefCon: Traffic control systems vulnerable to hacking
Cesar Cerrudo spoke at DefCon about how traffic control systems used in the U.S. and other countries can be hacked.
Traffic control systems used in the U.S. and other countries can be hacked to cause significant traffic problems, or can even be “bricked” to cause millions of dollars in damages to infrastructure.
In a packed session at the DefCon 22 conference in Las Vegas, Cesar Cerrudo, CTO of IOActive Labs, showed how an attacker could carry out denial-of-service attacks and more against the very technology relied on to make the road a safer place.
One of the big reasons why these systems are so vulnerable ultimately boils down to the fact that wireless technology is used.
“Wireless is insecure,” Cerrudo said, explaining that, using a little social engineering, he was able to get his hands on some devices from a particular vendor with 250 customers in 45 U.S. states and 10 countries.
Three pieces are used in this vendor's traffic control system, Cerrudo explained. Wireless sensors go in the road and detect the passing automobiles, and more than 200,000 of these devices are deployed worldwide – with most being in the U.S.
Access points are typically hung on nearby utility poles and communicate with traffic control systems, and repeaters, which are similar to access points, are used to extend range when sensors are too far away from the access point.
Altogether, these devices are part of a system that is designed to adjust traffic lights depending on the traffic volume, as well determine speed limits, Cerrudo said, going on to highlight two significant vulnerabilities in the system.
No encryption is used, meaning wireless communications are all sent in cleartext, and there is no authentication, meaning nothing prevents an attacker from accessing the devices, Cerrudo said. That means an attacker can modify firmware, which could enable them to render devices temporarily, or even permanently, unusable.
“There's a huge volume impact here,” Cerrudo said, explaining that about $100 million worth of equipment could essentially be “bricked” because the cost of these devices runs in the hundreds and thousands of dollars.
And that might not be the worst of it – Cerrudo went on to say that attackers can cause traffic jams or accidents at intersections, ramps and freeways by adjusting speed limits and the length of lights, and also can prevent emergency services from reaching their destinations.
Taking into account that maybe his research would not apply to the real world, Cerrudo showed a video of him hitting the streets of New York City and Washington D.C. with a device he rigged up and placed into a backpack.
“I was able to access the sensor, I was able to see the configuration of them – if I wanted to I could have compromised them,” he said, adding, “I didn't do it.”