Basic digital infrastructure security exposed
Researchers from University of Michigan hacked into the wirelessly connected traffic light system of Michigan, with permission from the local authorities, to demonstrate that there are security flaws in the traffic light system.
The research led by University of Michigan computer scientist J. Alex Halderman of found out that the wireless connection was unencrypted which could make it vulnerable to attacks, and anyone with a computer could communicate at the same frequency as that of the unencrypted network through the one point access.
They found out that the use of default username and password by the authorities make the system more vulnerable, and they also found a debug port which could become an easy target.
After getting access to one of the controllers within the system the researchers were able to turn all the lights red and alter the timing of intersection.
The researchers said in their paper titled Green Lights Forever: "The vulnerabilities we discover in the infrastructure are not a fault of any one device or design choice, but rather show a systemic lack of security consciousness."
"We use the lessons learned from this system to provide recommendations for both transportation departments and designers of future embedded systems."
The researchers have recommended some suggestions to improve the security of the traffic light system which included change of the default username and password, and encrypting the communications so that observers are unable to read the signals.