https://www.bleepingcomputer.com/news/technology/one-single-malicious-vehicle-can-block-smart-street-intersections-in-the-us/ BleepingComputer.com logo * * * * [ ] [Login] [Sign up] * * * * [ ] [Login] [Sign up] * News + Featured + Latest + Apple backports fix for zero-day exploited in attacks to older iPhones Apple backports fix for zero-day exploited in attacks to older iPhones + CISA: Black Basta ransomware breached over 500 orgs worldwide CISA: Black Basta ransomware breached over 500 orgs worldwide + Botnet sent millions of emails in LockBit Black ransomware campaign Botnet sent millions of emails in LockBit Black ransomware campaign + Europol confirms web portal breach, says no operational data stolen Europol confirms web portal breach, says no operational data stolen + PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers + Microsoft fixes VPN failures caused by April Windows updates Microsoft fixes VPN failures caused by April Windows updates + Singing River Health System: Data of 895,000 stolen in ransomware attack Singing River Health System: Data of 895,000 stolen in ransomware attack + VMware makes Workstation Pro and Fusion Pro free for personal use VMware makes Workstation Pro and Fusion Pro free for personal use * Tutorials + Latest + Popular + How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11 How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11 + How to use the Windows Registry Editor How to use the Windows Registry Editor + How to backup and restore the Windows Registry How to backup and restore the Windows Registry + How to open a Windows 11 Command Prompt as Administrator How to open a Windows 11 Command Prompt as Administrator + How to start Windows in Safe Mode How to start Windows in Safe Mode + How to remove a Trojan, Virus, Worm, or other Malware How to remove a Trojan, Virus, Worm, or other Malware + How to show hidden files in Windows 7 How to show hidden files in Windows 7 + How to see hidden files in Windows How to see hidden files in Windows * Virus Removal Guides + Latest + Most Viewed + Ransomware + Remove the Theonlinesearch.com Search Redirect Remove the Theonlinesearch.com Search Redirect + Remove the Smartwebfinder.com Search Redirect Remove the Smartwebfinder.com Search Redirect + How to remove the PBlock+ adware browser extension How to remove the PBlock+ adware browser extension + Remove the Toksearches.xyz Search Redirect Remove the Toksearches.xyz Search Redirect + Remove Security Tool and SecurityTool (Uninstall Guide) Remove Security Tool and SecurityTool (Uninstall Guide) + How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo + How to remove Antivirus 2009 (Uninstall Instructions) How to remove Antivirus 2009 (Uninstall Instructions) + How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller + Locky Ransomware Information, Help Guide, and FAQ Locky Ransomware Information, Help Guide, and FAQ + CryptoLocker Ransomware Information Guide and FAQ CryptoLocker Ransomware Information Guide and FAQ + CryptorBit and HowDecrypt Information Guide and FAQ CryptorBit and HowDecrypt Information Guide and FAQ + CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ * Downloads + Latest + Most Downloaded + Qualys BrowserCheck Qualys BrowserCheck + STOPDecrypter STOPDecrypter + AuroraDecrypter AuroraDecrypter + FilesLockerDecrypter FilesLockerDecrypter + AdwCleaner AdwCleaner + ComboFix ComboFix + RKill RKill + Junkware Removal Tool Junkware Removal Tool * Deals + Categories + eLearning eLearning + IT Certification Courses IT Certification Courses + Gear & Gadgets Gear + Gadgets + Security Security * VPNs + Popular + Best VPNs Best VPNs + How to change IP address How to change IP address + Access the dark web safely Access the dark web safely + Best VPN for YouTube Best VPN for YouTube * Forums * More + Startup Database + Uninstall Database + Glossary + Chat on Discord + Send us a Tip! + Welcome Guide * Home * News * Technology * One Single Malicious Vehicle Can Block "Smart" Street Intersections in the US * * One Single Malicious Vehicle Can Block "Smart" Street Intersections in the US By Catalin Cimpanu * March 6, 2018 * 09:30 AM * 1 Street intersection traffic lights Academics from the University of Michigan have shown that one single malicious car could trick US-based smart traffic control systems into believing an intersection is full and force the traffic control algorithm to alter its normal behavior, and indirectly cause traffic slowdowns and even block street intersections. The team's research focused on Connected Vehicle (CV) technology, which is currently being included in all cars manufactured across the globe. While the CV acronym includes a large number of standards and protocols, there are two major technologies that are found in almost all smart cars sold in the past years. The first is vehicle-to-vehicle (V2V) technology, and this helps cars talk to each other by sharing movement path, direction, speed, and other settings. This allows vehicles to avoid intersecting movement paths and detect situations when one car stops suddenly, allowing nearby vehicles to avert impending collisions. The second technology is vehicle-to-infrastructure (V2I), and as the name clearly implies, this is a standard that shares car movement details with traffic infrastructure, such as highways junctions and city street intersections. Flaws found in the US DOT's I-SIG system In the US, the Department of Transportation (DOT) has started implementing a V2I system called Intelligent Traffic Signal System (I-SIG), already found on the streets of New York, Tampa (Florida), Cheyenne (Wyoming), Tempe (Arizona), and Palo Alto (California). But the Michigan research team says the I-SIG system in its current default configuration is vulnerable to basic data spoofing attacks. Researchers say this is "due to a vulnerability at the signal control algorithm level," which they call "the last vehicle advantage." This means that the latest arriving vehicle can determine the traffic system's algorithm output. The research team says I-SIG doesn't come with protection from spoofing attacks, allowing one vehicle to send repeated messages to a traffic intersection, posing as the latest vehicle that arrived at the intersection. Researchers mount I-SIG attack Rresearchers say an attacker can use this bug and trick a traffic control system into believing cars keep arriving from all sides on the left lane. The system reacted by altering traffic lights and prolonging red light times to accommodate the non-existent vehicles, causing a delay in the entire intersection. "The spoofed trajectory data from one single attack vehicle is able to increase the total delay by as high as 68.1%, which completely reverses the benefit of using the I-SIG system (26.6% decrease) and cause the mobility to be even 23.4% worse than that without using the I-SIG system," researchers say. According to simulated traffic models, the Michigan team says that a fifth of all cars that enter an intersection took seven minutes to traverse the traffic junction that would have normally taken only half a minute. "Based on our analysis, even though the I-SIG system has shown high effectiveness in reducing traffic delay in benign settings, the current algorithm design and configuration choices are highly vulnerable to data spoofing, and even the data from one single attack vehicle is able to manipulate the traffic control to a great extent, causing massive congestion," researchers say. Flaws are not a suitable attack vector It is unclear how a threat actor might use the vulnerabilities discovered by the Michigan research team, as it would take them thousands of malicious cars spread across a city for long periods of time to incur any real economical damages to the local business sector. A more feasible attack scenario would be to create a virus that spreads from cars to cars on its own, blocking intersections across a country without needing dedicated malicious cars at each traffic junction. But if an attacker would be able to mass-infect vehicles with malware, then car owners should be worried about more serious consequences rather than longer traffic light waiting times. Nonetheless, the research goes to prove that despite some countries deploying smart traffic control systems across cities, these systems aren't adequately secured even four years after IOActive researchers first spotted problems with such technologies. More details are available in the research paper entitled "Exposing Congestion Attack on Emerging Connected Vehicle based Traffic Signal Control," presented at the end of February at the NDSS Symposium in San Diego, California. Article updated with YouTube video. * Car Hacking * Internet of Things * Smart Car * * * * * Catalin Cimpanu Catalin Cimpanu is the Security News Editor for Bleeping Computer, where he covers topics such as malware, breaches, vulnerabilities, exploits, hacking news, the Dark Web, and a few more. Catalin previously covered Web & Security news for Softpedia between May 2015 and October 2016. The easiest way to reach Catalin is via his XMPP/ Jabber address at campuscodi@xmpp.is. For other contact methods, please visit Catalin's author page. * Previous Article * Next Article Comments * BinaryHedgehog Photo BinaryHedgehog - 6 years ago + + Did you mean "Tempe, AZ"? It would make sense that Tempe would house this new technology, I just feel bad for the (University of) Arizona students who might have to end up dealing with this petty, but probably still somewhat destructive attack. Post a Comment Community Rules You need to login in order to post a comment [Login] Not a member yet? Register Now You may also like: [INS::INS] Mandiant mWise Conference 2024 Popular Stories * Hacker Tunnel Hackers use DNS tunneling for network scanning, tracking victims * FCC FCC reveals Royal Tiger, its first tagged robocall threat actor Follow us: * * * * * Main Sections * News * VPN Buyer Guides * SysAdmin Software Guides * Downloads * Virus Removal Guides * Tutorials * Startup Database * Uninstall Database * Glossary Community * Forums * Forum Rules * Chat Useful Resources * Welcome Guide * Sitemap Company * About BleepingComputer * Contact Us * Send us a Tip! * Advertising * Write for BleepingComputer * Social & Feeds * Changelog Terms of Use - Privacy Policy - Ethics Statement - Affiliate Disclosure Copyright @ 2003 - 2024 Bleeping Computer^(r) LLC - All Rights Reserved Login Username [ ] Password [ ] [*] Remember Me [ ] Sign in anonymously [Login] Sign in with Twitter button Sign in with Twitter --------------------------------------------------------------------- Not a member yet? Register Now Reporter Help us understand the problem. What is going on with this comment? * ( )Spam * ( )Abusive or Harmful * ( )Inappropriate content * ( )Strong language * ( )Other [ ] * [ ] Read our posting guidelinese to learn what content is prohibited. Submitting... SUBMIT