Traffic lights can also be hacked

Over the past few years, articles and notes on the hacking of modern systems installed in cars have begun to appear more and more often. Due to the fact that these systems are becoming more complex every year and contain more and more points of contact with the outside world - they attract more and more attention of specialists. However, it is possible to passively influence the movement of a car, for example, by regulating traffic lights. Moreover, this "vulnerability" and are subject to "analog" cars.

Red. Red? Red!!!

The possibility of uncontrolled manipulation of alarm systems (traffic lights) in addition to introducing chaos on the roads and creating emergency situations can passively affect systems in modern cars. For example, the Audi Travolution system, which interacts with traffic lights: an approaching car can independently add gas if it does not hit the “green wave”, or, on the contrary, signal to the driver about a quick signal change (by a visual or acoustic signal or by briefly disabling the gas pedal). With a well-thought-out and verified attack, it is possible to provoke multiple accidents, influencing from the outside on the internal system for assessing the traffic situation.
')
This is confirmed by the report published by Alex Halderman: he managed to influence more than a hundred traffic lights in Michigan using a laptop and a radio transmitter. It is important to note that this was “ethical hacking”. Before conducting his experiment, he received permission from a road agency, and assured that there was no danger to drivers. The purpose of the experiment was to prove how easily traffic control infrastructure could be broken.

How it works

In the United States, 900 MHz or 5.8 GHz radio frequencies are used, this is the so-called ISM band . Equipment operating at these frequencies is involved in the medical, scientific and industrial fields.

The ISM frequency band is the part of the general-purpose radio spectrum that can be used without licensing. The only requirement for products being developed in the ISM-range is compliance with the standards established by the regulatory authorities for this part of the frequency spectrum. These rules vary in different countries. In the United States, the Federal Communications Commission (FCC) sets the standards, and in Europe the European Telecommunications Standards Institute (ETSI) establishes standards. In this frequency band, various wireless systems operate, such as Bluetooth, Wi-Fi, 802.15.4, Zigbee.

This means that researchers (and anyone) can freely buy wireless equipment to communicate with devices.

The researchers found a weak use of the recommendations for the safe use of wireless equipment - open and unencrypted radio signals. This allows potential intruders to listen to the network traffic transmitted by radio signals from the controller to the traffic light. In this way, they were able to get used accounts and passwords. Moreover, many of the passwords used were pre-set to factory settings, which can be easily found on the Internet. The controllers also had a physical debugging port on the street, which is fairly easy to access and compromise.



On the presented image there is a diagram of a typical traffic light signaling system consisting of: WiFi receiver, camera, traffic light, switch, controller, MMU (malfunction management units) processor and induction loop.

WiFi connects to the switch and sends diagnostic data, video stream from the camera and other information to the road agency. The fault management block is located between the controller and the traffic light and adjusts the switching phases based on the data from the induction loop. This unit is designed to handle faults (if at the intersection all the signals turn green, the system will force the control and turn on the red lights), but, ironically, it was the impact on the MMU that allowed the researchers to manipulate the traffic control system. The worst thing is that the researchers managed to compromise the entire system, gaining access to just one access point.

Another researcher, Caesar Cerrudo, discovered an attack vector for special sensors that allow you to control traffic flow and influence the traffic lights system:



Vehicle detection systems consist of magnetic sensors hidden in the road surface, which collect information about the traffic flow and transmit it wirelessly via its own protocol, Sensys NANOPOWER. The signal is amplified with the help of repeaters that transmit data to traffic controllers.



The protocol used for data transmission does not contain authentication mechanisms, the transmitted data is not encrypted. Theoretically, an attacker can listen to traffic and modify it at its discretion.

For such attacks (interaction with the vulnerable protocol), equipment worth about $ 4,000 is needed. In fairness it should be noted that it is not available for purchase by everyone, the researchers received it for legal penetration testing from the manufacturer. Nevertheless, the researcher noted that theoretically it is possible to access without the use of specialized equipment.

What does it threaten with?

Such attacks contain both a direct danger of people's lives (provoking an accident) and economic (delays in transit, gas mileage) and environmental (emissions).

• A denial of service (DoS) attack on controlled intersections that can lead to huge traffic jams. Forwards can set all traffic lights to red or use MMU. In this case, physical intervention of personnel is necessary to restore the normal traffic situation.
• The manipulation of switching timings with respect to other intersections will create a resonance for the entire transport infrastructure.
• Control the traffic lights system to create a priority green wave for the intruders' vehicles.

How about us?

The information is quite scarce, although “smart traffic lights” appear every day.

PeterStar Company organizes the connection of traffic lights to the city automatic traffic control system (AUDMS) in Veliky Novgorod via the Internet.

Works are carried out within the framework of the implementation of the Safe City departmental program, which is conducted by the city administration.

Currently, the first stage of the project has been completed: the traffic lights are connected via the existing infrastructure of PeterStar to the Internet, which in the future will allow automatic control of traffic lights using the automated control system to optimize traffic management. Subsequently, on the basis of organized connections, it is planned to provide video surveillance on city roads.

In the Russian Federation, so far no one seems to have broken traffic lights, but they were breaking billboards and video recording systems for speeding violations.

Broken arrow

In January 2014, the Strelka-ST system was infected with viruses:

In Moscow region, all complexes of photo and video recording of traffic violations were out of order. Currently, traffic control is carried out using mobile systems for recording violations of traffic rules.
As ITAR-TASS was informed by the press service of the Moscow Region State Motor Vehicle Inspectorate, the stationary photo and video recording complexes are currently inoperative for some unknown reason. The traffic police department informed the owner of the “GKU CDDD MO” cameras about the need to restore the cameras.

After in-depth diagnostics of thermostatted computers of the Strelka-ST complex, it was established:

- As a result of the deliberate hacking of the system, the file system of the processing and control units of the Strelka-ST complexes was damaged, which makes it impossible to launch the Windows XP operating system and the specialized software of the complexes;
- corrupted system logs of the operating system; on system disk C:
- Found foreign malicious batch file 222.bat, configured to automatically change the password of the operating system and run the executable file 1.exe;
- passwords for access to the operating system with administrator rights have been changed.

The reason for the inoperability of the complexes is the intentional hacking of the operating system by unknown persons.

Honey, I'm in porn , i.e. in a traffic jam.

A traffic jam can be provoked by a distracting event:

On the evening of January 14, a pornographic clip was shown on the video screen on the Garden Ring in the area of ​​the Serpukhov tunnel on a video screen.

As a result, there was a traffic jam on the road from drivers who tried to photograph what was happening, writes Lenta.ru

“I was at home, I scanned the ports, I was aimlessly looking for something on the Web,” said Igor to Life News. - Found about 50 vulnerable computers that I could enter without problems. Among them were private computers and company numbers. Incidentally I saw one Moscow server among them. It was January 10th. I went to the server and saw the promotional videos spinning. I saved it, I remembered the passwords, then I came in again and looked. I decided to upload a porno there. For fun!

Additionally

ASUDD - Automated Traffic Control System. This is a set of technical, software and organizational measures that ensure the collection and processing of information about the parameters of traffic flows and, on the basis of this, optimize traffic control.

For everyone who is interested in the issue of safety of traffic management systems, I recommend to get acquainted with the following habratopiki:
ASUDD: What hangs over the road?
ASUDD: Evolution of "smart" traffic lights
Green Wave today