
The Dutch government will replace thousands of road traffic lights after a researcher found a serious vulnerability that could be easily exploited by threat actors.
Almost all traffic light installations in the Netherlands can detect approaching road users and function on that basis. In other words, they’re smart.
In the age of numerous Internet of Things devices such as sensors, traffic flow-detecting cameras, and, of course, smart cars, that’s not actually surprising – if it’s possible to enhance traffic efficiency and convenience for users, just do it.
Hacked and hijacked by radio
Plus, initiatives like Google’s AI-powered Green Light project can reduce idle vehicle emissions in cities by using real-time data analysis and optimizing traffic lights.
On the other hand, as the systems become more interconnected, the security aspect becomes important – the attack surface increases and the systems can be hacked with malicious attacks.
Already in 2020, Dutch whitehat hackers reverse-engineered apps intended for cyclists and found they could cause delays in at least 10 cities. They simply spoofed traffic data to mess with traffic lights.
However, in this particular case, the Dutch government is reacting to an issue which is serious but not actually related to ultra smart traffic controls.
Earlier this year, Alwin Peppels, a security engineer for Dutch security firm Cyber Seals, did an experiment and realized that he could use a software-defined radio to send commands to the control boxes that sit next to traffic lights.
Traffic signals can indeed be manipulated by a system called traffic signal preemption, mostly in order to halt conflicting traffic and allow the emergency vehicles through.
The exploit taps into an emergency radio signal used by ambulances and fire trucks to force traffic lights to go green so they can easily pass through intersections in the case of emergencies. An attack could be executed from kilometers away and impact multiple intersections at once, Peppels said.
Traffic signals can indeed be manipulated by a system called traffic signal preemption, mostly in order to halt conflicting traffic and allow the emergency vehicles through.
The system, called KAR and used in the Netherlands and Belgium since 2005, reduces response times and enhances traffic safety.
In the Netherlands, the public transport system also gets green lights faster. But Peppels managed to build a similar system and hacked the traffic lights – with a single push of a button.
“Talking Traffic” will take over
Being a security researcher, Peppels naturally realized that threat actors could also easily hack and gain control of the traffic lights in the Netherlands, thus manipulating the physical world.
He shared his findings – not revealed in detail as this would invite abuse of the vulnerability – with the Dutch cybersecurity agency. The problem, according to Peppels who spoke to RTL Nieuws, is also the fact that the system is quite old and securing it is easier said than done.
The solution, the Ministry of Infrastructure and Water Management soon confirmed, was to replace the traffic lights completely. There are tens of thousands of them, though, so the process will take time – the plan is to finish replacing the traffic lights by 2030.
The new system for traffic lights in the Netherlands is called “Talking Traffic.” These signals are connected to the web and aren’t vulnerable to this specific hack, the ministry said, although, quite obviously, new risks will emerge.
Traffic lights are being updated with new capabilities around the world. In the US, a vast and complicated country, modernization is sluggish.
There are about 320,000 traffic signals in America, and over 75% of them could be improved by updating equipment or adjusting the timing. That would indeed be smart as the annual congestion costs come out at over $22 billion.
Your email address will not be published. Required fields are markedmarked