The idea that our traffic data systems are vulnerable is not a new one. In fact, improving cyber security on our nation’s infrastructure is a huge priority right now. But a new study from the University of Michigan on the vulnerabilities of traffic lights is shocking proof that we need to make some major changes, and we need to make them now.
A team led by computer scientist J. Alex Halderman recently conducted a study on the security of traffic lights in an unnamed Michigan town and found them to be ridiculously easy to hack. Three major weaknesses—unencrypted wireless connections, the use of default usernames and passwords, and vulnerable dubugging ports—meant that the researchers were able to take control over the lights with a normal laptop. As long as the wireless card in the hacker’s computer can communicate at the same frequency that the traffic lights use, it can break into the wireless network that powers the entire system.
It’s pretty mind-boggling actually. A hacker can find the default usernames and passwords needed for unfettered access and take over a whole city’s traffic system with one dinky exploit. And it really is a systemic problem. As the Michigan research team wrote in their paper on the experiment, “The vulnerabilities we discover in the infrastructure are not a fault of any one device or design choice, but rather show a systemic lack of security consciousness.”
The really scary thing in this conclusion is the simple fact that we’re making more and more machines internet-connected with taking the necessary cyber security measures. If it’s freakishly easy to hack into our traffic lights, it’s probably freakishly easy to hack into some electronic voting machines, medical devices, and possibly even power grids.