
Researchers find it’s easy to hack traffic lights - privong
http://arstechnica.com/security/2014/08/researchers-find-its-terrifyingly-easy-to-hack-traffic-lights/
======
cortesoft
I remember seeing a talk at RSA a couple of years ago about the plausibility
of the "Italian Job" type attack, where they make all the lights green and
cause everyone to crash.. they said that sort of thing was impossible because
there is a mechanical switch that prevents both lights from being green at the
same time.

So at least an attacker couldn't cause those sorts of accidents, even if they
could totally mess up the system.

~~~
toomuchtodo
This was true back in the mechanical era when a drum was used for control; you
physically could not engage multiple directions as green at the same time. I
do not believe this is the case now that control is done with
software/firmware.

Example Controllers: [http://www.mccain-
inc.com/controllers.html](http://www.mccain-inc.com/controllers.html)

~~~
ams6110
The controllers may be able to order it but the lights are supposed to be
wired so it's impossible. E.g. grounding the green lights thorugh the cross
direction green lights so you can't illuminate green in all directions at
once. Or something along those lines.

edit: s/opposite/cross/

~~~
azinman2
It would make good sense to harden it against failure, which can come in any
form (software, mechanical, etc)

------
userbinator
_Wireless_!? On traffic lights that presumably have to be connected to a power
source anyway? It seems to me that the cost of running an additional network
cable to each light (or even just sending the control through powerline
networking) would be negligible, and it would prevent much of the attacks
described - _physical_ "hacking" would be required, which is more difficult to
do and easier to detect. This seems like yet another case of large increases
in complexity (and thus attack area) for little to no benefit, as is all too
common in systems these days.

~~~
tripzilch
Sometimes emergency vehicles need the ability to affect traffic lights.

I'm pretty sure I've seen this happen once (in NL), at an intersection with a
very predictable traffic light sequence (some intersections use sensors,
others simply follow a set pattern), an ambulance came by, sirens blaring, and
the whole pattern pretty much skipped a "turn".

~~~
walls
This has historically been accomplished by sensors on the lights and emergency
vehicles flashing a specific pattern, not wifi.

------
dm2
Another method would be to setup a vehicle or box on the side of the road that
emulated an emergency vehicle which instructed the light to change to green in
the direction that you wanted it (could also be used to change lights to red
if put in the perpendicular direction).
[http://en.wikipedia.org/wiki/Traffic_signal_preemption](http://en.wikipedia.org/wiki/Traffic_signal_preemption)

I'm not sure which method is most common. The wikipedia article says that IR,
acoustic, visible lights, and GPS can be used to change the lights. It would
be fun to experiment with different methods of changing them, but would
undoubtedly be illegal.

Apparently it's not illegal federally to use these devices to change lights,
it might be legal in some states.

[http://en.wikipedia.org/wiki/Mobile_Infrared_Transmitter](http://en.wikipedia.org/wiki/Mobile_Infrared_Transmitter)

[http://www.themirt.com/](http://www.themirt.com/)

~~~
iancarroll
In Troy MI they have infared traffic preemption. Michigan has a state law
making it illegal to mess with them.

------
soperj
More than anything I'd love to use this to actually improve the way the lights
are run downtown in my city. It's insane that they actually use them to make
people spend longer in the downtown corp. (when one turns green, the next
turns red, there is literally no flow to traffic and would be faster going
through a number of stop signs.)

~~~
jedberg
They do that to prevent speeding. If all the lights were green you might speed
through the downtown core, where there are a lot of pedestrians.

~~~
Swizec
Exactly. If you observe carefully, you'll notice that at night, when there's
less traffic/pedestrians, most of those lights turn into green waves for
anyone driving at or slightly above the speed limit.

Allowing green waves in a high traffic, high pedestrian downtown area would be
lunacy.

~~~
siculars
NYC does exactly this. Green waves along the avenues to a certain point. Then
10 block chunks of green. Different approaches for different districts.

------
thirdtruck
I'm almost jealous. Back in my weekly Shadowrun cyberpunk roleplaying game,
super-secure traffic light systems complicated a lot of our missions.

------
b_emery
This quote is pretty classic:

> According to the paper, the vendor responsible stated that it "has followed
> the accepted industry standard and it is that standard which does not
> include security."

Clearly, the 'vendor' lacks a PR team.

~~~
anigbrowl
I bet they have one when they want to complain about the amount of red tape
they have to deal with as part of the bidding process...

------
zanok
The original paper is here: [https://jhalderm.com/pub/papers/traffic-
woot14.pdf](https://jhalderm.com/pub/papers/traffic-woot14.pdf)

------
snarfy
I was under the assumption traffic signalling was so horrible because it was a
simple timing based system.

Knowing they are all networked, accessible, and controllable from a central
computer infuriates me, not because they are hackable, but because the
software currently running them is so, so horrible. It's good ol' 'government'
software.

~~~
TeMPOraL
Obligatory xkcd: [http://xkcd.com/277/](http://xkcd.com/277/).

That is, as a driver, one isn't in a position to judge whether traffic lights
timing make sense, because they're optimized globally to ensure best traffic
throughput in the whole city.

~~~
snarfy
But as a software engineer, I can certainly say that comic is wrong.

After enough short sighted releases, mountains of technical debt, poor coding
standards, and general apathy, I do not believe the engineer depicted in the
comic is accurate. "Hours of simulation" and "took me a week to work out the
timing sequences". No. No government paid software engineer spent a week
working out the timing sequences. They hacked out something as quick as they
could to meet the ridiculous deadline they were given, and then had a good
laugh about fixing the process during the retrospective meeting.

------
stephen_g
As someone who works on traffic control systems in a different country, I can
definitely believe a story!

We make security a priority (even with full network access you couldn't
control our system) but a lot of third party systems are ridiculously rubbish
and a lot of Government agencies only make token efforts at security.

------
UweSchmidt
Probably stating the obvious, but messing with traffic signs not a good idea
for a fun hacking project. I heard of someone going to prison for removing a
stop sign, obviously being held responsible for the accident that ensued.

~~~
wglb
From the second paragraph of the article:

 _The exercise was conducted on actual stoplights deployed at live
intersections, "with cooperation from a road agency located in Michigan."_

So this was done with permission.

------
dzuc
Probably the only time this image will be relevant on HN:
[http://oaknyc.com/blog/wp-
content/uploads/2013/08/Hackers3.j...](http://oaknyc.com/blog/wp-
content/uploads/2013/08/Hackers3.jpg)

~~~
enjo
Dammit that really needs to be available on Netflix instant. I love that movie
(don't worry I feel the appropriate amount of guilt in saying that).

