Hacking Traffic Lights

The article discusses the potential for hacking traffic lights and the importance of ethical hacking to prevent manipulation of smart systems. The authors found a way to manipulate cyclist traffic lights in the Netherlands through smartphone apps, which could be done remotely and at scale. The hack could potentially be used to manipulate car traffic lights as well.

• Connected traffic and smart traffic lights are becoming more common to improve traffic flow, safety, and comfort
• Ethical hacking is important to prevent manipulation of smart systems
• The authors found a way to manipulate cyclist traffic lights in the Netherlands through smartphone apps
• The hack could be done remotely and at scale, potentially allowing for manipulation of car traffic lights as well

The authors were able to successfully fake a continuous flow of bicyclists to turn the cyclist traffic light instantly green or decrease the time to green. This hack could be performed from any remote location, allowing someone to remotely influence traffic at scale. The regular security systems that prevent lights from turning green simultaneously were not affected.

New systems are connected to the internet every day to make our lives easier or more comfortable. We are starting to see connected traffic and smart traffic lights innovations to improve traffic flow, safety and comfort. With smart systems entering and controlling our physical world, ethical hacking such systems to find possible ways of manipulation becomes even more important to society. In the Netherlands there are some public innovations where traffic light systems are being connected to smartphone apps. We have looked at these innovations to see if these systems could be manipulated and how manipulation could benefit an attacker. Specifically, we found a way in two different platforms, that allows us to successfully fake a continuous flow of bicyclists that turns the cyclist traffic light instantly green or decreases the time to green. More than 10 municipalities in the Netherlands connected a part of their cyclist traffic lights to the affected platforms. It was possible to perform these hacks from any remote location, which allows someone to remotely influence the traffic at scale. The hack results in turning the cyclists lights to green, while other lights on the intersection will turn to red. The regular security systems that make sure lights are not turned green simultaneously stays intact. There are similar projects that turn the car traffic lights green for ambulances or trucks. If an attacker succeeds to exploit these projects with a similar attack, he could remotely influence the car traffic lights directly.