A team of security researchers from the University of Michigan, led by computer science professor J. Alex Halderman, found that the state's traffic light infrastructure is wide open to hackers. The team, with the permission of a local road agency, took control of a system of nearly 100 lights with nothing more than a laptop and a bit of custom code. Incredibly, not only did the entire network the team tested communicate without encrypting its data, but default usernames and passwords could be used to log in. "The vendors had not enabled encryption by default and the road agency never did so themselves," even though doing so would be trivial, said Ph.D student Branden Ghena, who was part of the team. "It is as simple to turn on as checking a button."
Once in, the team could change light schedules, disable parts of the grid, or put the whole system into a failsafe mode, like when intermittent power leaves lights all blinking red — all in minutes. As the paper documenting the results puts it, "until these systems are designed with security as a priority, the security of the entire traffic infrastructure remains at serious risk."
IN-DEPTH
- Man Hacks Monitor, Screams at Baby Girl
- The Stoplight Turns 100, but Could it Soon be Coming to a Halt?
- 'Project Galileo' Aims to Protect Vulnerable Websites from Hack Attacks