Black-hatted-extortionists are showing just how vulnerable our traffic control and other public transit systems are to hackers
As the world becomes increasingly dependent on Internet-enabled technology, so too do our traffic systems. Unfortunately, security systems have not kept up to date with the problems posted by hackers. The sensors that detect vehicles, the transmitters that carry information to traffic lights, and even the computers housing all of this information are vulnerable to attacks.
Take, for example, Cesar Cerrudo, who taught himself how to infiltrate cybernetic systems, including traffic systems in the United States. Luckily, Cerrudo is a professional “white hat” hacker who is dedicated to enhancing security rather than breaching it. Still, his ability to infiltrate a traffic system with a device he built for less than $100 demonstrated just how vulnerable public infrastructure is.
Based on Cerrudo’s example, it would take someone earning minimum wage in the United States less than two days to acquire what they needed to hack the traffic control systems of Los Angeles, New York City, or Washington D.C.
Cyber joyrides have gone bad
Of course, none of this is meant to suggest that an attack from a sinister cabal of hackers is inevitable. A more likely threat, in the minds of some security experts, is an angry teenager or a bored college student going for a cyber joy ride. There are already young hackers sating their boredom by messing with Microsoft and pranking high-level government officials. So, it isn’t a stretch of the imagination to think that an aspiring hacker might try to penetrate a traffic control system in the near future, maybe simply for fun and bragging rights.
Unfortunately, this issue is not just limited to traffic control systems. Thanks to dated software, hundreds of cars already on the road could be vulnerable to infiltration. A hacker could send messages to a car to activate the emergency brake or to lock power steering, with no way for the driver to safely disengage. In fact, any car that offers Wi-Fi connectivity may be at risk, if not properly updated. The same issues face virtually every other type of infrastructure, from toll booths to airplanes.
From fiction to fact
This may all seem like fantasy and science fiction-induced paranoia. After all, the vulnerability of traffic systems has been seared into the public’s psyche by such popular movies as “Superman,” “Live Free or Die Hard” and “The Italian Job.” There are, however, several documented cases of hackers taking over traffic systems.
In 2008, a teenage boy in Poland hacked a local tram system. He caused four trams to derail, resulting in a dozen passengers being injured. He was not, however, trying to be outwardly malicious, and seemed to carry no terroristic intent. Instead, he was playing with it “like any other schoolboy might a giant train set.” Some hackers, however, are less well-intentioned. For example, a group of hackers infiltrated the Sacramento Regional Transit system just last year. They deliberately erased essential data and only offered to return control of the system if they were paid in Bitcoin.
If it can happen to a state capital’s transit department, there’s no reason it cannot happen somewhere else. An ambulance, a firetruck, a plane, or a train. In a world of increasing wireless connectivity, it’s hard to know where the next threat will emerge.
The good news is that officials who take the right steps to secure public infrastructure today won’t have to rely on Superman or John McClane to save the day when the next attack comes.
Absolute Logic’s clients across four states and 40 industries are guided safely through the threat landscape. Our wide array of services includes system security suites, risk assessment, education, and training and disaster recovery. If you’d like us to put our expertise to work for you, we’d be happy to help. Call us at 844-315-9882 or use our contact form for a free consultation.