The hacking scenes in Hollywood movies have long been a source of entertainment for the technology industry; we have seen traffic lights hacked in Die Hard and The Italian Job. But these movies also inspire hackers to attempt similar attacks in day-to-day life.
Security researchers at the University of Michigan have not only hacked traffic light signals in real life, but also claim that it is shockingly easy for anyone with a laptop and the right kind of radio. Compared with the traffic light hacks in movies, the real thing is much easier.
In a paper published this month, the researchers describe how a series of major security vulnerabilities in traffic light systems allowed them to very easily and very quickly seize control of a whole system of at least 100 traffic signals in an unnamed Michigan city from a single point of access.
The researchers obtained permission from a local road agency before performing the hack, but they did not disclose exactly where in Michigan they did their research.
“Our attacks show that an adversary can control traffic infrastructure to cause disruption, degrade safety, or gain an unfair advantage,” the paper explained.
SECURITY HOLES IN TRAFFIC LIGHT SYSTEMS
The team, led by University of Michigan computer scientist J. Alex Halderman, said that the networked traffic systems are vulnerable to three major weaknesses:
- unencrypted radio signals,
- the use of factory-default usernames and passwords, and
- a debugging port that is easy to attack.
This left the network accessible to everyone from cyber criminals to young hackers.
“The vulnerabilities we discover in the infrastructure are not a fault of any one device or design choice, but rather show a systemic lack of security consciousness,” the researchers report in a paper.
In an effort to save on installation costs and increase flexibility, the traffic light system uses wireless radio signals rather than dedicated physical network links for its communication infrastructure; this is the hole the researchers exploited. Surprisingly, more than 40 states currently use such systems to keep traffic flowing as efficiently as possible.
“The safety critical nature of traffic infrastructure requires that it be secure against computer-based attacks, but this is not always the case,” the team said. “We investigate a networked traffic signal system currently deployed in the United States and discover a number of security flaws that exist due to systemic failures by the designers. We leveraged these flaws to create attacks which gain control of the system, and we successfully demonstrate them on the deployment.”
WIRELESS SECURITY IN QUESTION
Traffic light systems use a combination of 5.8GHz and 900MHz radio signals, depending on the conditions at each intersection, for wireless communication in point-to-point or point-to-multipoint configurations.
The 900MHz links use "a proprietary protocol with frequency hopping spread-spectrum (FHSS)," but the 5.8GHz version of the proprietary protocol isn't terribly different from 802.11n.
The researchers say that anyone with a laptop and a wireless card operating on the same frequency as the wirelessly networked traffic light, in this case 5.8 gigahertz, could access the entire unencrypted network.
DEBUG PORT
After gaining access, the next step was to communicate with one of the controllers on the target network. This was easy because the system's control boxes run VxWorks 5.5, a version that by default is built from source with a debug port left accessible for testing.
“By sniffing packets sent between the controller and this program, we discovered that communication to the controller is not encrypted, requires no authentication, and is replayable. Using this information, we were then able to reverse engineer parts of the communication structure,” the paper reads.
“Various command packets only differ in the last byte, allowing an attacker to easily determine remaining commands once one has been discovered. We created a program that allows a user to activate any button on the controller and then displays the results to the user. We also created a library of commands which enable scriptable attacks. We tested this code in the field and were able to access the controller remotely.”
This debug port allowed the researchers to turn all lights red or to alter the timing of neighboring intersections, for example to make sure someone hit all green lights on a given route.
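To make the replay problem concrete, here is an added example (not code from the paper, the researchers, or the controller vendor) that contrasts a constructed toy command frame with no authentication, modelled on the paper's description of unencrypted, unauthenticated, replayable commands, with a receiver that requires an HMAC tag and a strictly increasing counter so that a captured frame is rejected when sent again. The frame layout, the key and the sender id are all assumptions.

```python
import hmac
import hashlib
import struct

# Constructed toy framing (assumption, not the real controller protocol):
# a 4-byte header followed by one command byte. Nothing binds the frame to a
# sender or to a point in time, so a captured frame is accepted again verbatim.
def legacy_frame(cmd: int) -> bytes:
    return b"CTRL" + bytes([cmd])

def legacy_accept(frame: bytes) -> bool:
    # The receiver only checks that the frame is well-formed.
    return len(frame) == 5 and frame.startswith(b"CTRL")

class AuthenticatedReceiver:
    """Receiver that requires an HMAC-SHA256 tag over (sender, counter, cmd)
    and a strictly increasing per-sender counter. A replayed frame carries an
    old counter, so it is rejected even though its tag is valid."""
    BODY = ">4sIB"                  # sender id, 32-bit counter, command byte
    BODY_LEN = struct.calcsize(BODY)

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = {}      # sender id -> highest counter accepted

    @classmethod
    def build(cls, key: bytes, sender: bytes, counter: int, cmd: int) -> bytes:
        body = struct.pack(cls.BODY, sender, counter, cmd)
        return body + hmac.new(key, body, hashlib.sha256).digest()

    def accept(self, frame: bytes) -> bool:
        if len(frame) != self.BODY_LEN + 32:
            return False
        body, tag = frame[:self.BODY_LEN], frame[self.BODY_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False            # forged or modified frame
        sender, counter, _cmd = struct.unpack(self.BODY, body)
        if counter <= self.last_counter.get(sender, 0):
            return False            # replayed (or reordered) frame
        self.last_counter[sender] = counter
        return True
```

The counter state must survive controller restarts (or be re-synchronised at startup), otherwise a reboot would reopen the replay window.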
More worrying is the ability of a cyber criminal to perform a denial-of-service (DoS) attack on controlled intersections by triggering each intersection's malfunction management unit with invalid configurations, which would put the lights into a failure mode.
SOLUTION TO PROBLEM
Finally, the team called on manufacturers and operators to improve the security of traffic infrastructure. It recommended that traffic-system administrators stop using default usernames and passwords, and stop broadcasting communications unencrypted for “casual observers and curious teenagers” to see.
"While traffic control systems may be built to fail into a safe state, we have shown that they are not safe from attacks by a determined adversary," the paper concluded.
They also warned that devices like voting machines and even connected cars could suffer similar attacks.