By on July 29, 2014

Screen Shot 2014-07-29 at 11.00.15 AM

In a few weeks, at WOOT (the USENIX Workshop on Offensive Technologies — an academic conference where security researchers demonstrate broken stuff), a team from the University of Michigan will be presenting a lovely paper, Green Lights Forever: Analyzing the Security of Traffic Infrastructure. It’s a short and fun read. In summary, it’s common for traffic light controllers to speak to each other over a 5.8GHz wireless channel (much like WiFi, but a dedicated frequency) with no cryptography, default usernames and passwords, and well-known and exploitable bugs. Oh boy. And what can we do with that?

We want our traffic lights to coordinate with one another. This streamlines the flow of traffic. If an attacker can mess with that coordination in an arbitrary fashion, then they can for example ensure they always have green lights. They can ensure others don’t. The opportunities for mayhem may seemingly allow your imagination to wander to the low point of Bruce Willis’s career: Live Free or Die Hard, wherein cyber-baddies redirected traffic in a vain attempt to squish our action hero. In reality, probably not. One of the curious things about the computer design for traffic light controllers is that there are really two computers stacked one atop the other. The “MMU” computer has a bunch of basic rules it has to enforce (e.g., minimum duration of yellow lights) and if the fancy controller tries to create panic at the disco, the MMU says “umm, no” and goes into flashing red, requiring somebody to manually come out and reset it. Which is to say, an attacker who wants to do more than a little tweaking here and there is likely to just dump all the lights into blinking-red mode and just piss everybody off.

So… I’m sure you’ve got questions. Let me see if I can anticipate them and act like I know what I’m talking about:

How hard is it to pull this off? Surprisingly easy. About the only thing that’s non-trivial is getting hold of the proper radio hardware, and that’s a pretty low bar.

How hard is it to fix this? Harder than you’d think. These radios do support WPA2 (the same crypto standard used to protect WiFi networks), and cities could deploy it. They’d inevitably end up using the same key material everywhere, but that’s certainly better than doing everything in the clear. More importantly, these signal lights were never really engineered to be easy to apply software updates, unlike your smartphone or something that happily updates itself in the background. This means that latent bugs can be more easily found and exploited, simply by rummaging around in the list of bugs fixed in newer versions of the system.

Come on, nobody’s going to really do this. Sure, you go ahead and believe that, but wouldn’t you like to know that somebody can’t just arbitrarily screw with traffic? I can think of all sorts of nefarious reasons why an attacker might be financially incentivized to create carefully chosen local traffic jams.

This kind of information is too dangerous to be out in public! Whoa there. Just because it’s new to you doesn’t mean it’s new to the nefarious sorts. Sometimes, a little bit of public pressure is a very good thing to push vendors to fix their products and push customers to adopt the fixes. (There’s also an analogy here to the argument that gun control only limits the good guys’ guns. That particular argument is generally stronger when we’re talking about cyber weapons versus the traditional kinetic variety.)

Gosh, what would happen if future traffic light controllers didn’t have the MMU contraption? Arguably the MMU saved their bacon. Otherwise, the U. Michigan team would have been able to do much nastier things. Also, if we ever get autonomous intersections (great work from UT Austin, by the way), where self-driving robo-cars are negotiating their paths well in advance, getting rid of traditional stop lights altogether, then the security vulnerabilities would be a much, much more serious concern. Just watch the video below and cringe a bit.

Get the latest TTAC e-Newsletter!

22 Comments on “Hacking traffic lights for fun and profit!...”

  • avatar

    If HELLCAT came with one of those devices the Fire Department has that turns all the lights green – and the side lights red… I would trade-in both my cars right now.

  • avatar


  • avatar

    I imagine most people would prefer procuring themselves an Opticom emitter, especially one with an infra-red filter so it’s invisible to the naked eye. Of course, getting caught doing any of this will likely lead to an unpleasant visit from Homeland Security, or other governmental enforcement agency, and a small room with bars.

    As far as the video of autonomous cars negotiating an intersection, the clearances are way to small for safety. If a tire slipped a little or a vehicle ran out of gas, or otherwise momentarily lost power, the result could be catastrophic!

    • 0 avatar

      Just imagine if someone decided to initiate emergency brake mode in the middle of the intersection. Instant multi-car crash.

      The idea is solid, and I agree that something like this would be able to safely eliminate a traditional timed traffic light, but a failure mode that allows car crashes by design is unacceptable.

  • avatar
    SCE to AUX

    You’ll never shut down the Real Napster!


    • 0 avatar

      … all I want is a room for my shoes.

      • 0 avatar

        …and a stereo so loud it blows women’s clothes off.

        That automated intersection movie sure looks crazy scary, but if you have seen the traces from a busy airport it looks about the same, just with bigger gaps. Planes are much faster but get the added advantage of moving in three dimensions.

  • avatar

    I fail to see the advantage of an “autonomous intersection” as seen above over even a minimal rotary implemented in the same space. Seems like it would be much safer.

  • avatar

    “the low point of Bruce Willis’s career: Live Free or Die Hard”

    I believe the nadir is more like A Good Day to Die Hard, but Hudson Hawk gets the lowest Metacritic rating (17 out of 100).

    • 0 avatar

      So many critics hated Hudson Hawk, but I absolutely love that movie. Has me in stitches every time I watch it – Sandra Bernhards finest roll. “Bunny, ball! ball!” ROFL!

  • avatar

    One of my math professors in college was working on the Autonomous Intersection algorithms (not this particular one, but that was one of his main areas of research) and it was always fascinating to hear him talk about just how difficult it is to develop all the algorithms for this.

    • 0 avatar

      The fail-safe would be the hardest, I’d imagine.

      Some guy drives through in his non-automated Chevrolet Scottsdale, and drifts over into the other lane.

      Or, what happens if a car loses control in the winter? What if I don’t buy a brown Google quattro?

      Many variables to think about…

  • avatar

    “You can’t stop the signal, Mal.”
    Someone had to do it.

  • avatar

    >> I can think of all sorts of nefarious reasons why an attacker might be financially incentivized to create carefully chosen local traffic jams.

    Bwahahahahaha! Google bridgegate.

  • avatar

    Note to self: Follow my worst enemy to his most important meeting of his career, and turn all the lights red. For 10 minutes each.

  • avatar

    Huh. Suddenly I have an itch to go buy stuff at RadioShack and I don’t know why…

  • avatar

    The problem is real, but the solution is relatively cheap and simple: the controller designs are ancient and should have been upgraded ages ago, but weren’t because the issue isn’t sexy enough for bureaucrats and lawmakers. From what I’ve seen, when lawmakers DO get involved, the problem gets worse before it gets better.

    It’s amazing how scientifically and technically illiterate our elected officials are. They’re fiscally incompetent too, and that’s actually part of their jobs.

    Expect a high profile crisis, probably terrorist-inspired (but not terrorist created) and the solution installed quickly, with federal funding and a bunch of new laws for Homeland Security to oversee, with stiff penalties.

Read all comments

Back to TopLeave a Reply

You must be logged in to post a comment.

Recent Comments

  • EBFlex: “the majority of hospitalized COVID-19 cases across the state’s largest hospitals, or about 75 percent,...
  • slavuta: Why do I need to listen to some Ellie Murray? for “week ending Dec. 10,”??? I went to official...
  • Lou_BC: “Last week, unvaccinated individuals were 31x more likely to be infected with COVID than boosted individuals”...
  • Lou_BC: “Last week, unvaccinated individuals were 31x more likely to be infected with COVID than boosted...
  • Lou_BC: Context is everything: “Despite fewer than 13 percent of adult Massachusetts residents being completely...

New Car Research

Get a Free Dealer Quote

Who We Are

  • Adam Tonge
  • Bozi Tatarevic
  • Corey Lewis
  • Jo Borras
  • Mark Baruth
  • Ronnie Schreiber