Abstract
The safety critical nature of traffic infrastructure requires
that it be secure against computer-based attacks, but this
is not always the case. We investigate a networked traffic
signal system currently deployed in the United States
and discover a number of security flaws that exist due
to systemic failures by the designers. We leverage these
flaws to create attacks which gain control of the system,
and we successfully demonstrate them on the deployment
in coordination with authorities. Our attacks show that
an adversary can control traffic infrastructure to cause
disruption, degrade safety, or gain an unfair advantage.
We make recommendations on how to improve existing
systems and discuss the lessons learned for embedded
systems security in general
more here.................https://jhalderm.com/pub/papers/traffic-woot14.pdf
Image may be NSFW.The safety critical nature of traffic infrastructure requires
that it be secure against computer-based attacks, but this
is not always the case. We investigate a networked traffic
signal system currently deployed in the United States
and discover a number of security flaws that exist due
to systemic failures by the designers. We leverage these
flaws to create attacks which gain control of the system,
and we successfully demonstrate them on the deployment
in coordination with authorities. Our attacks show that
an adversary can control traffic infrastructure to cause
disruption, degrade safety, or gain an unfair advantage.
We make recommendations on how to improve existing
systems and discuss the lessons learned for embedded
systems security in general
more here.................https://jhalderm.com/pub/papers/traffic-woot14.pdf
Clik here to view.
