Red Light, Green Light is not just an innocent child’s game anymore. According to a team of researchers at the University of Michigan, it is possible to actually hack into traffic infrastructure to disrupt the flow of traffic and cause safety risks to both drivers and pedestrians.
Five students from the school’s electrical engineering and computer science departments partnered with a local Michigan road agency to hack into almost 100 intersections from a single access point. Their research paper, “Green Lights Forever”, outlines the numerous security flaws they found in traffic infrastructure during their experiment.
Let’s start from the beginning. Traffic lights use either 5.8GHz or 900MHz radios, depending on the conditions at each intersection and the variance in the line of sight. The radios are used for wireless communication to the controllers (usually located on the roadside), which in turn connect to sensors that detect cars and other traffic patterns.
The wireless radio provided the biggest vulnerability to the traffic light system. To increase flexibility and save on network costs, wireless radios were used rather than physical networking links for the infrastructure. Because there is a single access point and no encryption on the wireless network, a would-be attacker does not need to physically tamper with the traffic lights to carry out a hack.
It was also found that the traffic lights studied by the researchers used the default credentials that were built into the device, which can easily be found on the internet. Sounds pretty scary right? Rest assured, not any laptop or device can hack into the traffic system.
A hacker’s laptop or wireless card must operate on the same radio frequency (in this case, 5.8 GHz as it was found the most vulnerable) as the traffic lights in order to access the entire unencrypted wireless network. As it is very simple for an attacker to penetrate the username/password method to hack into a wireless network, certificate-based authentication is highly recommended.
The Michigan team, in their report, emphasized the importance of security being built into wireless devices at their inception rather than down the road. With the appropriate hardware and a little effort, a determined hacker can easily configure traffic infrastructure resulting in potentially devastating consequences.