Motorists drive by traffic lights every day and trust they will work. But NBC 5 Investigates found that as more cities turn to wireless traffic systems, some of those systems are unprotected and open to a cyber-attack.
“We implicitly trust these devices,” said Branden Ghena, a University of Michigan PhD student who studies how easy it is to manipulate electronics. “We drive through the intersection knowing that red means we should stop and green means we should go and there’s not going to be any trouble. The light will work as intended.”
“We could actually make the lights all red,” said Ghena. “We could change the light to be green in our direction. These are clearly not the intended behavior of these systems.”
Ghena and a research team at the University of Michigan discovered that with a basic laptop and a wireless radio it could hack into the software system of a company called Econolite. The research team worked with a road crew to make this happen. And In their experiment, Ghena says they were able to manipulate more than 1,000 traffic lights in one town alone – turning red lights green, and green lights red.
“It was surprisingly easy,” said Ghena.
The reason is simple.
“It doesn’t have passwords on it or encryption on the wireless communications,” said Ghena. “They’re basic things, but they’re not enabled by default because the vendor wasn’t thinking about that and assumed the road agency would do something. And the road agency assumed they were good enough the way they came.”
NBC5 Investigates discovered similar vulnerabilities with another company called Sensys Networks, which controls wireless traffic systems in major hubs including Washington DC, Los Angeles, New York City, San Francisco and Chicago.
Just two months ago the U.S. Department of Homeland Security issued this advisory, warning of these “vulnerabilities” after learning about the research of Argentinian security expert Cesar Cerrudo. Cerrudo used a cheap drone flying hundreds of feet above to show how he could hack into Sensys’s traffic signals below.
“The problem is that it’s not protected information,” said Cesar Cerrudo, Chief Technology Officer for IOActive Labs. “I just programmed it to send fake data to the traffic control system so I can make them do things they are not supposed to do.”
Here’s how a traffic control system works: There are sensors buried in the road that detect cars. That information is then sent to the access point which is connected to the traffic control system and controls the lights. And all of this is done wirelessly.
These Sensys Networks systems are used in 10 countries, 45 states, and throughout Illinois.
“(Cerrudo) did identify an area where we had not encrypted the data stream,” said a Sensys Networks spokesman, during a phone conversation with NBC 5 Investigates. He also explained that the company recently issued a software fix, but that it is up to each city, whether to use the fix - and that some cities across the us could still be vulnerable.
NBC 5 Investigates had a lengthy phone conversation with the spokesman from Sensys Networks. We offered the company the opportunity to answer our questions in an on-camera interview. It declined and instead provided us with this two-page statement.
A spokesman from the Chicago Department of Transportation tells us of the 3,100 intersections in Chicago, only 12 of them utilize Sensys Networks wireless technology. But he could not say whether the city has upgraded the software to make Chicago’s traffic lights more secure.
“They are as vulnerable as any cellphone system,” said Transportation Engineer Erick Rivera, who has worked with both Sensys Networks and Econolite traffic systems
Without passwords or encryption, these systems are only as secure as your basic cell phone.
“If the person is able to hack into one intersection, it could mess up an entire corridor,” said Rivera.
Security researchers say simply using passwords and encrypting the systems could prevent future attacks.
“The real attacks here are where you clog up congestion in a city so you can turn all the lights to red and people will be stuck in traffic jams for hours,” said Ghena.