Gizmodo reported yesterday about a new study from the University of Michigan on the vulnerabilities of traffic lights which is shocking proof that we need to make some major changes, and we need to make them now.
A team led by computer scientist J. Alex Halderman recently conducted a study on the security of traffic lights in an unnamed Michigan town and found them to be ridiculously easy to hack. Three major weaknesses—unencrypted wireless connections, the use of default usernames and passwords, and vulnerable dubugging ports—meant that the researchers were able to take control over the lights with a normal laptop. As long as the wireless card in the hacker's computer can communicate at the same frequency that the traffic lights use, it can break into the wireless network that powers the entire system.
It's pretty mind-boggling actually. A hacker can find the default usernames and passwords needed for unfettered access and take over a whole city's traffic system with one dinky exploit. And it really is a systemic problem. The research team wrote: "The vulnerabilities we discover in the infrastructure are not a fault of any one device or design choice, but rather show a systemic lack of security consciousness."
We agree. Security Awareness Training is needed on all levels from the end-user on up through development and the C-Suite.
