Scientists hack Michigan traffic lights using laptop

Researchers have shown that it is amazingly simple to hack into traffic lights after they used only a standard laptop to control almost 100 signals in the US state of Michigan.
With permission from a local road agency, researchers led by University of Michigan computer scientist J Alex Halderman, hacked into nearly 100 wirelessly networked traffic lights.
More than 40 states across America currently use such systems to keep traffic flowing as efficiently as possible, helping to reduce emissions and delays.
The research team found three major weaknesses in the traffic light system: unencrypted wireless connections, the use of default usernames and passwords that could be found online, and a debugging port that is easy to attack.

"The vulnerabilities we discover in the infrastructure are not a fault of any one device or design choice, but rather show a systemic lack of security consciousness," the researchers said.
Wirelessly networked traffic lights have four key components.

There are sensors that detect cars, controllers that use the sensor data to control the lights at a given intersection, radios for wireless communication among intersections, and malfunction management units (MMUs), which return lights to safe fallback configurations if an "invalid" configuration occurs.
For example, if somehow every light at an intersection is green, the system might fall back to having them all become flashing red lights.

The Michigan researchers found that anyone with a computer that can communicate at the same frequency as the intersection radios - in this case, 5.8 gigahertz - could access the entire unencrypted network.
It takes just one point of access to get into the whole system, 'MIT Technology Review' reported.
After gaining access to one of the controllers in their target network, the researchers were able to turn all lights red or alter the timing of neighbouring intersections - for example, to make sure someone hit all green lights on a given route.
They could also trigger the lights' MMUs by attempting invalid configurations.

The researchers noted that their study has implications beyond traffic lights. More and more devices like voting machines, cars, and medical devices are computer controlled and will ultimately be networked.