The researchers shared their findings at DefCon virtual event and also explained the aftermath of hacking traffic lights by malicious elements.
With technology connecting everything around us, a lot of our devices also become more vulnerable and that’s one major issue with the Internet of Things (IoT) devices. Such is the case in the Netherlands where certain traffic light systems are being connected to the smartphones of users in order to improve the traffic signals flow.
However, just recently at DEFCON, security researchers Rik van Duijn and Wesley Neelen who run a security firm named Zolder have demonstrated how these lights could be manipulated altering the frequency of different traffic signals.
Explaining their findings, the researchers begun by introducing how certain apps exist for cyclists to install and therefore this became the focal point of their research. One may think, cyclists and traffic lights?
Well, it turns out that the Dutch country has about 23 million bicycles along with a 35,000 km cycling infrastructure making it a regular part of their traffic.
Now going into how the manipulation worked, we need to understand that these apps allow cyclists to communicate with traffic light systems in terms of telling the system of their location at a particular intersection.
So for example, if I am near an intersection, the traffic light system would know and this would result in the time for light to go green to be decreased helping smoothify the flow of traffic and creating ease nonetheless.
However, the problem comes when the hackers have the ability to trick the system into giving a green light to non-existent bicycles through feeding fake data into the apps which is exactly what these researchers did.
Specifically, we found a way in two different platforms, that allows us to successfully fake a continuous flow of bicyclists that turns the cyclist traffic light instantly green or decreases the time to green, the reseachers said.
Watch the demo number 1 below:
Watch the demo number 2:
Furthermore, this could be done from any remote location decreasing the likelihood for the potential attackers to be caught. The consequences of this include the notion that traffic jams could be caught causing havoc and at the same time, it could also be used as a form of cyber-pranking to annoy other vehicles at the same intersection.
Watch Rik van Duijn and Wesley Neelen at DefCon virtual event giving an in-depth presentation about the attack:
To conclude, although the testing was done in a city named Dordrecht in Western Netherlands, these smart traffic light systems exist in a total of 10 cities making a lot of citizens vulnerable to such attacks.
Currently, the researchers have alerted all the responsible stakeholders who should fix the flaw in the near future. Nonetheless, other countries who are thinking of implementing such smart systems in the transportation sector should take heed from this and adapt accordingly in order to prevent such security mishaps.