

Hackers Can Mess With Traffic Lights to Jam Roads and Reroute Cars - Irene
http://www.wired.com/2014/04/traffic-lights-hacking

======
cyanbane
I remember back in pre-internet days when BBS file directories were filed with
ways to hack stop lights via pulses from a strobe light. Supposedly if you had
the right pulse (and the cojones to have a pulsing strobe light on the front
of your car) you could mimic the pulse in a siren and get reds to start a
process immediately to switch to greens. Different locations had different
pulse timings and people would find local ones and upload and aggregate them
on some local phreaking BBS'.

Never tried this myself.

~~~
Mandatum
Always thought that was an urban legend. I'm not from the US, however in New
Zealand the lights would never change as an ambulance/police car went past.
They'd just slow down as everyone moved out of their way.

Have witnessed this also for our Prime Minister driving past with a convoy of
police and black SUV's.

~~~
gamerdonkey
In the US, these are certainly real. Apparently, some did use strobe lights to
signal the traffic lights.

[http://en.wikipedia.org/wiki/Traffic_signal_preemption](http://en.wikipedia.org/wiki/Traffic_signal_preemption)

I vaguely have memories of the state legislator having to pass new laws after
the devices were installed because it was not technically illegal to have the
emitter in your vehicle.

~~~
tdfx
Usually only certain traffic signals are equipped with the detectors, but they
do in fact use strobe lights to trigger the light switch and it does happen
immediately. It doesn't work with any emergency lights, though -- a separate,
specific strobe light be must installed to trigger the signal.

------
ryandrake
> “it was found that all communication is performed in clear text without any
> encryption nor security mechanism. Sensor identification information
> (sensorid), commands, etc. could be observed being transmitted in clear
> text.”

> Because the sensors’ firmware is also not digitally signed and access to
> them is not restricted to authorized parties, an attacker can alter the
> firmware or modify the configuration of the sensors.

Who deploys systems out into the wild these days without even giving a moment
of consideration to security? This seems like "amateur hour" systems design.
Did not a single engineer step up and say "Hey, uh, guys, do we want to at
least take basic steps to obfuscate this stuff?"

Sounds like negligence. Not surprising their vice president of engineering has
"nothing more to add to the matter."

~~~
MichaelGG
Who deploys this? People winning contracts and delivering products. The
company even stated that the customers didn't want security so they removed
it. This is potentially even true - if you lose the key to a device in the
ground, you have to dig it up...

The attitude of "eh, no one is really hacking it" is a common one, and might
possibly be the right decision from a business standpoint. And if they get
shamed into changing it, they'll issue some sort of patch, or announce the
Windows utility is no longer available without credentials, and everyone will
rest assured things are OK.

This is really quite common.

------
mindslight
That's certainly a step up from the olden days, when hackers could turn your
computer into a bomb and blow your family to smithereens.

------
coldcode
Hmm maybe Live Free or Die Hard wasn't all that far fetched.

------
WalterBright
With all the facial recognition software, I wonder why they just don't put a
camera on top of the light, recognize traffic coming, and optimize to maximize
flow.

~~~
forgottenpass
Cost, complexity and failure rate.

~~~
WalterBright
1\. I'm sure it's cheaper than burying the wire sensors in the pavement. 2\.
The dev cost is amortized over a million intersections. 3\. Cameras already
exist on many intersections (the red light cameras) 4\. Traffic lights are
already driven by a computer.

Just think of all the gas savings.

------
zmguy
It's even worse, hackers can mess with anything connected directly or
indirectly to the internet.

------
o0-0o
This has civic benefits with traffic, safety, order. What's not to like?

------
Fasebook
Immediately reminds me of Hackers 90's movie and hackers establishing "turf"
over public resources.

~~~
qntmfred
and The Italian Job

~~~
smoyer
Yes! ... at least in the new version (I haven't seen the older version but
just noticed it's on Amazon Prime).

What's scary about that scene is that so much of our infrastructure is
available on the Internet. There are projects scanning for "support systems"
(including the baby monitor in yesterday's story), but most of these system
rely on technology that's older and less well maintained than our computer
systems.

[1] The Italian Job (2003) -
[http://www.imdb.com/title/tt0317740/](http://www.imdb.com/title/tt0317740/)

[2] The Italian Job (1969) -
[http://www.imdb.com/title/tt0064505/](http://www.imdb.com/title/tt0064505/)

~~~
jameshart
The original version also - yes, in 1969 - involves hacking the traffic light
control computer system to cause chaos in Turin. The elite computer hacker who
pulls off this feat by sneaking into the traffic control center and replacing
the reel to reel tape on one of the mainframes is played, rather depressingly
and entirely to type, by Benny Hill. I guess they didn't have the go-to
computer hacker stereotype quite worked out in 1969, but they knew that geeks
had potential as comic relief...

~~~
cormullion
From Benny Hill to Dennis Nedry (Jurassic Park) to The Warlock (Die Hard 4),
the development of the unheroic hacker stereotype; the heroic ones are
slimmer...

