Hackers have the ability to take over entire cities' traffic light systems, according to security researcher company IOActive.
The researchers claimed in a recent post that the traffic control systems of major US citiesare at the mercy of hackers, who can create traffic snarls by sending vehicles in the wrong direction.
According to IOActive security researcher Cesar Cerrudo, the vulnerable system is Sensys Networks' VDS240 wireless vehicle detection systems, which have been installed in major US cities and countries.
Cerrudo added that the systems include magnetic sensors which are installed in roadways to feed traffic data to access points and repeaters, which in turn send the data to traffic controllers.
Due to a lack of security protection including encryption and authentication, incorrect data can be sent to traffic controllers to create traffic chaos.
Cesar Cerrudo said in the blog post that the vulnerabilities can allow anyone to take complete control of the devices and send fake data to traffic control systems.
"Basically anyone could cause a traffic mess by launching an attack with a simple exploit programmed on cheap hardware ($100 or less)," Cerrudo explained.
"I even tested the attack launched from a drone flying at over 650 feet, and it worked! Theoretically, an attack could be launched from up to 1 or 2 miles away with a better drone and hardware equipment, I just used a common, commercially available drone and cheap hardware."
More than 50,000 such 'vulnerable' devices have been deployed worldwide, with most of them being deployed in the US.
City traffic in countries like the UK, China, Canada, Australia, France have also deployed these systems.
London, Shropshire, Slough, Bournemouth, Aberdeen, Blackburn with Darwen Borough Council, Belfast all use the technology.
Cerrudo said that Australia has deployed the systems in Monash - CityLink - West Gate Upgrade in Melbourne, which is one of the most important and modern freeways in the country.
The security researcher added: "What worries me the most is that if a vulnerable device is compromised, it's really, really difficult and really, really costly to detect it. So there could already be compromised devices out there that no one knows about or could know about."
Qualys is the leading provider of on demand IT security risk and compliance solutions - delivered as a service. Qualys solutions enable...
Absolute® Software specialises in technology and services for the management and security of mobile computers and smartphones.
Established in 1957, BCS, The Chartered Institute for IT, promotes wider social and economic progress through the advancement of information...
M86 Security is a global provider of web and e-mail security products. We are the only security company able to provide integrated, reliable and...