Motorists drive by traffic lights
every day and trust they will work. But NBC 5 Investigates found that
as more cities turn to wireless traffic systems, some of those systems
are unprotected and open to a cyber-attack.
“We
implicitly trust these devices,” said Branden Ghena, a University of
Michigan PhD student who studies how easy it is to manipulate
electronics. “We drive through the intersection knowing that red means
we should stop and green means we should go and there’s not going to be
any trouble. The light will work as intended.”
“We
could actually make the lights all red,” said Ghena. “We could change
the light to be green in our direction. These are clearly not the
intended behavior of these systems.”
Ghena
and a research team at the University of Michigan discovered that with a
basic laptop and a wireless radio it could hack into the software
system of a company called Econolite. The research team worked with a
road crew to make this happen. And In their experiment, Ghena says they
were able to manipulate more than 1,000 traffic lights in one town alone
– turning red lights green, and green lights red.
“It was surprisingly easy,” said Ghena.
The reason is simple.
“It
doesn’t have passwords on it or encryption on the wireless
communications,” said Ghena. “They’re basic things, but they’re not
enabled by default because the vendor wasn’t thinking about that and
assumed the road agency would do something. And the road agency assumed
they were good enough the way they came.”
NBC5
Investigates discovered similar vulnerabilities with another company
called Sensys Networks, which controls wireless traffic systems in major
hubs including Washington DC, Los Angeles, New York City, San Francisco
and Chicago.
Just
two months ago the U.S. Department of Homeland Security issued this
advisory, warning of these “vulnerabilities” after learning about the
research of Argentinian security expert Cesar Cerrudo. Cerrudo used a
cheap drone flying hundreds of feet above to show how he could hack into
Sensys’s traffic signals below.
“The
problem is that it’s not protected information,” said Cesar Cerrudo,
Chief Technology Officer for IOActive Labs. “I just programmed it to
send fake data to the traffic control system so I can make them do
things they are not supposed to do.”
Here’s
how a traffic control system works: There are sensors buried in the
road that detect cars. That information is then sent to the access point
which is connected to the traffic control system and controls the
lights. And all of this is done wirelessly.
These Sensys Networks systems are used in 10 countries, 45 states, and throughout Illinois.
“(Cerrudo)
did identify an area where we had not encrypted the data stream,” said a
Sensys Networks spokesman, during a phone conversation with NBC 5
Investigates. He also explained that the company recently issued a
software fix, but that it is up to each city, whether to use the fix -
and that some cities across the us could still be vulnerable.
NBC 5 Investigates
had a lengthy phone conversation with the spokesman from Sensys
Networks. We offered the company the opportunity to answer our questions
in an on-camera interview. It declined and instead provided us with
this two-page statement.
A
spokesman from the Chicago Department of Transportation tells us of
the 3,100 intersections in Chicago, only 12 of them utilize Sensys
Networks wireless technology. But he could not say whether the city has
upgraded the software to make Chicago’s traffic lights more secure.
“They
are as vulnerable as any cellphone system,” said Transportation
Engineer Erick Rivera, who has worked with both Sensys Networks and
Econolite traffic systems
Without passwords or encryption, these systems are only as secure as your basic cell phone.
“If the person is able to hack into one intersection, it could mess up an entire corridor,” said Rivera.
Security researchers say simply using passwords and encrypting the systems could prevent future attacks.
“The
real attacks here are where you clog up congestion in a city so you can
turn all the lights to red and people will be stuck in traffic jams for
hours,” said Ghena.