Wired Magazine posted the article “Hackers can Mess with Traffic Lights to Jam Roads and Reroute Cars” today. They detail results from Cesar Cerrudo of IoActive who figured out the Sensys Networks VDS240 wireless vehicle detection system doesn’t have data encryption and authentication.
The Sensys detector is embedded in the road and sends a wireless signal to the main computer running the traffic signal system when a car goes over the sensor or is stopped on top of the sensor.
Cerrudo proved a hacker could interrupt this wireless communication – either telling the computer cars are present when they’re not or cars aren’t present when they are.
From a follow-up Gizmodo article on the Wired article: “This would most likely just create headaches, but Cerrudo points out it also could also impede emergency vehicles or cause collisions—putting cities at risk for loss of life.” This isn’t exactly true.
Here’s a simplified version of how signals work: There are algorithms that define minimum amounts of time and maximum amounts of time each green indication can be on. If there isn’t a car sitting in the left turn lane waiting for a green arrow or a car sitting on the cross street waiting for a green, the green light will stay on for the main road. When a car has been sitting on the minor movement long enough the computer switches over to give them a green. Then it will go back to giving the main street green after either there aren’t any cars on that minor movement anymore or that movement reaches it’s maximum amount of green time that is allocated in the program.
By putting in false calls from the sensors, a hacker could make the traffic signals work much less than optimal, but the signal would still operate within the preset boundaries. In no way would this “cause collisions.”
It also won’t effect emergency vehicles in Minnesota. Our signals have emergency vehicle preemption detectors that react to sensors on emergency vehicles so the computer changes the signal so the emergency vehicle gets green lights along its path. This preemption takes priority over the “hackable” vehicle detectors. EVP is common in Minnesota, but it isn’t implemented at all signals across the country.
This is interesting research and certainly gives pause to those agencies looking at the Sensys system. This is obviously bad news for Sensys, who was gaining significant market share.
I am more concerned about the bigger picture though. All of the modern traffic signals have copper, fiber, or wireless connectivity so engineers can dial into them remotely and change the signal timing plans. Hacking into the computers that control the signals would allow the hackers to change the minimums and maximums in the signal timing algorithm. That could cripple a city with gridlock.