Language English Website Language Chinese Website

Traffic Control Systems Are Vulnerable to Hackers

IOActive Labs CTO Cesar Cerrudo recently warned that devices used by traffic control systems in several major U.S. cities contain vulnerabilities that make them surprisingly easy to breach (h/tComputer Business Review).

"The vulnerabilities I found allow anyone to take complete control of the devices and send fake data to traffic control systems," Cerrudowrites. "Basically, anyone could cause a traffic mess by launching an attack with a simple exploit programmed on cheap hardware ($100 or less)."

Cerrudo ran a successful test attack from a drone flying at over 650 feet, and notes that an attack could also be launched by infecting the devices with malware. "What worries me the most is that if a vulnerable device is compromised, it's really, really difficult and really, really costly to detect it," Cerrudo writes. "So there could already be compromised devices out there that no one knows about or could know about."

By leveraging the vulnerabilities, Cerrudo says, an attacker could make traffic lights stay green for a longer or shorter time, stay red and not change to green, or flash. "It's also possible to cause electronic signs to display incorrect speed limits and instructions and to make ramp meters allow cars on the freeway faster or slower than needed," he writes.

Vulnerable vendors, Cerrudo writes, serve more than 250 customers in 45 U.S. states and 10 countries. Affected U.S. cities include New York, San Francisco, Los Angeles, Boston, Seattle, and Washington, D.C.

According to Cerrudo, ICS-CERT notified one vendor of the vulnerabilities in September of 2013, but the vendor "didn't think the issues were critical nor even important."

"This should be another wake up call for governments to evaluate the security of devices/products before using them in critical infrastructure, and also a request to providers of government devices/products to take security and security vulnerability reports seriously," Cerrudo writes.

Cerrudo will present his findings at the INFILTRATE conference in Miami Beach, Fla., on May 16, 2014.

Photo courtesy of Shutterstock.

| 发布时间:2014.05.05    来源:Network Security    查看次数:2092

About us  |   Jobs  |   Support  |   Successful Case  |   Contact Us  |   Old Website

Copyright © 2001-2012 Eventy made in China All Rights Reserved. Designed by:Guangzhou Yema, Electronic Technology Co., Ltd.

Guangdong ICP Keep on record NO.11076988-2 sum: