Kaspersky Lab’s Researcher Proves How Easy it is to Tamper with Moscow’s Traffic Sensors
Thankfully, researchers of our age are not only interested in making everything smart and intelligent; they are also thinking about keeping these systems safe and secure from prying eyes. Kaspersky Lab is one such company that stresses encouraging groundbreaking research and discoveries.
In one such effort, Denis Legezo, a researcher at Kaspersky Lab, discovered how easy it is to tamper with traffic sensors in Moscow. He also showed how devastating the consequences could be, since tampering can lead to poor traffic management, which in turn would lead to accidents and all sorts of mishaps for drivers and pedestrians.
According to Legezo, he began researching the potential, inherent vulnerabilities of traffic sensors in Moscow by gathering information about the models installed, the types of communication protocols involved, sales-related information, identifiers, the software used for operating the devices and other key technical details. This, in his opinion, was crucial to the research, and he committed no ethical violation, as manufacturers are ready to give away every detail.
“The openness shown by the manufacturers to installation engineers, their readiness to give them access to tools and documents, automatically means they are open to researchers,” said Legezo.
This data helped him create a scanner, which could potentially identify those devices that were vulnerable. He used it all over the city and finally came to the conclusion that one of the models of traffic sensors utilized Bluetooth for communicating data. He also identified that it was easy to install new firmware on this device through a wireless connection that is primarily created for servicing.
“After selecting any of the identified sensors, you can install the device configuration software supplied by the vendor on your laptop, drive to the location (the physical address saved in the database), and connect to the device.”
Legezo did manage to find the device manufacturer’s firmware on the Internet, but obtaining the code was of no use because he had no idea about the internal structure of the controllers installed in the device. He therefore consulted an engineer who worked for the same company. From him, Legezo learned the type of encryption utilized for firmware security. The issue was that he didn’t have the device to test his hypothesis.
Legezo opines that modifying the firmware wasn’t as important, because the easier technique would be to use the software that the manufacturer provides for device configuration and send commands to the devices.
He also noted that once the connection gets created with the traffic sensor through this tactic, the commands no longer remain hidden and a sniffer exposes them.
“To sum up, a car driving slowly around the city, a laptop with a powerful Bluetooth transmitter and scanner software is capable of recording the locations of traffic sensors, collecting traffic information from them and, if desired, changing their configurations,” noted Legezo.
To avoid any mishaps, he recommends that proprietary authentication above the standard protection layer should be implemented on all popular protocols.
It will also help if non-standard identifiers and names are used.
“Personally, I agree with the manufacturer and respect them for this, as I don’t think the ‘security through obscurity’ approach makes much sense these days; anyone determined enough will find out the command system and gain access to the engineering software,” he concluded.
You can go through the researcher’s findings here.