04-30-2014 02:14 PM
It has been a running joke in the tech industry for years that the hacking scenes in movies are, well, a joke. Hackers in hoodies pushing a few keys and taking down the power grid or causing massive traffic pileups by turning all the stoplights green at once. While those scenes provide endless entertainment for security folks, it turns out some of those attacks aren’t so far-fetched.
Cesar Cerrudo, a researcher and CTO at IOActive, decided to take a look at the security of some of the devices that control traffic lights and electronic signs in many cities around the world, and found that not only were the devices vulnerable to a number of attacks, but they could be exploited quite easily and perhaps could be used to spread malware from device to device. Cerrudo said that the vulnerabilities he identified can be exploited from up to a mile or two away with the right equipment.
“The vulnerabilities I found allow anyone to take complete control of the devices and send fake data to traffic control systems. Basically anyone could cause a traffic mess by launching an attack with a simple exploit programmed on cheap hardware ($100 or less),” he wrote in a blog post on the research he conducted.
“I even tested the attack launched from a drone flying at over 650 feet, and it worked! Theoretically, an attack could be launched from up to 1 or 2 miles away with a better drone and hardware equipment, I just used a common, commercially available drone and cheap hardware. Since it seems flying a drone in the US is not illegal and anyone will be able to get drones on demand soon, I would be worried about attacks from the sky in the US.”
08-10-2014 07:07 AM
The following article is a update on Traffic Systems
*******Researcher Finds Potholes In Vehicle Traffic Control Systems******
By: Kelly Jackson Higgins Posted on 8/9/2014
LAS VEGAS — DEF CON 22 — Smart traffic sensor systems that help regulate and automate the flow of traffic and lights contain security weaknesses that could be manipulated by hackers and result in traffic jams or even crashes, a researcher showed here today.
Cesar Cerrudo, CTO at IOActive, here at the DEF CON 22 hacker conference, detailed how he was able to build a prototype access point device that could communicate with the network of sensors, repeaters, and access point devices stationed along roads and highways in some major cities in the US. Cerrudo said he found that the devices communicate traffic information wirelessly in clear text and don't authenticate the data they receive, leavinhttp://www.darkreading.com/vulnerabilities---threats/adva
He said there are some 200,000 wireless Sensys Networks sensors buried below roadways plus repeaters mounted on poles, mostly in the US. The sensors detect vehicles, and that data ultimately dictates the timing of traffic lights and electronic traffic event alerts on the highway.
DarkReading/ Full Article Here/ http://www.darkreading.com/vulnerabilities---threa
08-10-2014 04:00 PM
Amazing how easy it is to cause all kinds of traffic problems.
Thanks for the update on this!
Helpful Webroot Links: