U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

Hacking traffic light systems

In this article published on the Infosec Institute are analyzed the principal studies on the security of traffic light systems and techniques to hack them. http://resources.infosecinstitute.com/hacking-traffic-light-systems/ We often see movie scenes in which hackers are able to hack systems for the control of traffic lights, with catastrophic consequences, unfortunately we must be conscious that threat […]

Hacking traffic light systems

In this article published on the Infosec Institute are analyzed the principal studies on the security of traffic light systems and techniques to hack them.

http://resources.infosecinstitute.com/hacking-traffic-light-systems/

We often see movie scenes in which hackers are able to hack systems for the control of traffic lights, with catastrophic consequences, unfortunately we must be conscious that threat actors are really able these complex infrestructures causing serious problems.

Traffic lights were originally designed as standalone systems, but they evolved with technological progresses into more complex, networked systems. Modern traffic controllers are able to execute multiple timing plans, communicate in real time with a huge quantity networked sensors and elaborate the collected information to manage traffic flows in the most efficient way

Coordinated traffic signal systems provide great benefits in term of wasted time, environmental impact and public safety, but for their interconnection, public administration have to spend a great effort to ensure an efficient interconnection on a metropolitan geographic distribution. Wireless networking represented the optimal choice to reduce the interconnection cost and quickly implement an interconnected network of traffic light control systems. However, these improvements have raised serious questions in term of security of the overall architectures, the components of traffic light systems are today remotely accessible and wireless interconnected, with serious repercussions in term of security.

hacking traffic light systems

Read the full article on Infosec Institute

Hacking traffic light systems

The studies presented in this post demonstrate that traffic control systems are vulnerable to cyber attacks, fortunately improving security of the components of a traffic light control system and of the internal connection is possible to prevent major incidents. We have seen that an attacker can run a denial of service attack or cause a traffic jam as diversive measure in a more sophisticated attack.

As remarked by all the actors involved in such interesting studies, the principal problem is the lack of security awareness of the cyber threat, the experts highlighted that traffic controller vendors haven’t managed properly the vulnerability disclosure by the security community. The companies just ensure the compliance to actual industry standards, which don’t consider properly the security issues.

Next generation of control traffic systems must be built with security by design, and fortunately governments are understanding the critic of such environments and the risks of major attacks.

The researchers suggest manufacturers and operators to improve the security of traffic light systems adopting encrypted communications between components of the infrastructure, digitally signing the firmware running on each component to avoid software modifications, and not using default credentials.

Let me close with a reflection, Traffic Light systems are just a sample of the larger family of IoT (Internet of Things), many other devices we daily use have similar vulnerabilities threat actors are increasing targeted them.

Read the full article on Infosec Institute

Hacking traffic light systems

Pierluigi Paganini

(Security Affairs – traffic light systems, hacking)