Security Review: Traffic Lights

By sky at 11:59 pm on February 3, 2008 | 7 Comments

As i’m sure everyone already aware of, one way our country (and many others) directs traffic is with these things call traffic lights. We place them at intersections, at about a one to one ratio of oncoming lanes to traffic light boxes. A box has three states, green, yellow, red. Green means you can go, yellow means red is imminent, and red means don’t go. Of course.

Now, how are these lights choosing which state do display? A set of lights at an intersection should display a setting that does not give multiple lanes the right of way to crossing paths. But when do we change states? In the beginning, it was all done off timers. At set intervals the right of way was changed from one lane to another, ect. However, then people realized that depending on the time of day, we might want different settings. And then people were like, hey lets put in sensor’s to figure out if there is car waiting! These things are usually are metal detects, but weight detectors exist also. All these strategies used the idea that each intersections should be independent of all the others. But then humans got the idea that if we could get ‘waves’ of green lights to happen, we could get even more efficiency. This requires intersections to talk to other intersections, as well as the ability to program in this information, and maintain/reset it as needed.

Many intersections also have buttons for pedestrian’s to push if they wish to walk across. This would give another signal to the lights, and the lights would queue up this request, and execute it eventually. Emergency vehicles also have a similar ability (and in some cases public transportation such as buses and light rail), which is called traffic signal preemption. Depending on the implementation, it can use radio waves, infrared, strobe lights, and audio signals from a siren to trigger. This will switch only the emergency vehicle’s path to green, and everyone else to red.

Assets

The speed at which we are able to more cars and pedestrians though intersections is very important. Traffic lights are supposed to be an efficient way to direct traffic. This means that we want the traffic light to be doing what it is supposed to, all the time.

We do not want any unauthorized people to use the preemption mechanism in many traffic lights. If we wanted them to be able to use it, they would be authorized.

We probably would not like any unauthorized people to be able to see when traffic signal preemption was used.

Adversaries

Disgruntled, cruel, or terroristic people might want to disrupt the efficiency of the traffic system to waste other people’s time by giving too many red lights. They might also want to harm people, by giving too many people green lights, which could easily cause and accident.

Bank robber’s or other sorts of organized crime that might have to deal with the police, and might want to be able to tell where the police were. If they could tap into the traffic signal system, and get notices whenever traffic preemption was used in an area, they could effectively see where the police cars were at and which direction they were going.

Weaknesses

The box is a physical object, so we could tamper with that. We could pull out it’s power, break lights, switch the color of the lights, remove it from its location, ect. Most of these would probably take a fairly large ladder, as the traffic lights are suspended pretty far off the ground. Some of these would be obvious if tampering had occurred, but if the green and red lights had been switched, the first few cars might not notice this.

The traffic lights must have some logic some where telling them what to display. So depending on how this is stored, whether it is in a program, or mechanically rigged, it was set originally somehow, and probably is accessible for maintenance, so i would imagine that it would be possible to access and change these. It would be much easier for someone that has authorized access already, or at least inside knowledge of how this works to perform this sort of attack.

The preemption emergency vehicles use could be spoofed. Either by recreating the apparatus that emergency vehicles use, or simply be stealing existing equipment

Defenses

In order to stop physical tampering, we could put in senors, that would send signals to the police if something was damaged, such as a light.

In order to stop tampering with the logic, we could keep the controller in a far away, such as a public building, that is either locked or guarded at all times.

It might be difficult to stop spoofing emergency signals. however, it might be easy to identify when spoofing has occurred, if someone who uses preemption is forced to later in the day, use some system to verify that it was them that used it.

Risks

There are probably easier ways to figure out where police cars are, so we probably do not really need to keep the confidentiality of when preemption is used. However, if all lanes simultaneously got a green light, and people died, this could be very tragic. Lights that are obviously displaying too many red signal might be wasting peoples’ time initially, but one would hope that it would be reported fairly quickly, and fixed.

It is far more likely it seems that accidents will occur because of driver error, and not traffic light error. For now, it seems safe to assume that traffic lights always work correctly, but this might not always be the case.

Filed under: Miscellaneous,Physical Security,Security Reviews7 Comments »

7 Comments

  • 1
    Get your own gravatar for comments by visiting gravatar.com

    Comment by Rene Schickbauer

    March 21, 2008 @ 3:34 am

    Traffic lights are (most of the time here in europe) controlled by a PLC (Programmable Logic Controller), located in a grey box near the crossing. The box usually looks like one of those used by phone companies to patch lines.

    Modern traffic lights (and similar equipment) in the US starts to use standardized hardware and communications protocols, see also Wikipedia and NTCIP.org.

    This, of course, should give any attacker all information required, as well as possible access to “evaluation equipment” when posing as a possible buyer or security tester.

  • 2
    Get your own gravatar for comments by visiting gravatar.com

    Comment by Jon Thompson

    March 21, 2008 @ 7:57 am

    It would be really simple to stop spoofing for the most part. Assign a randomized serial number to each preemption device, and have that device send the serial number. The reader then compares with a known-good/known-bad database and either allows the user through properly or notifies the police. If further protection is needed, you can use some sort of active encryption between the devices.

  • 3
    Get your own gravatar for comments by visiting gravatar.com

    Comment by James Youngman

    March 25, 2008 @ 4:44 pm

    Plurals don’t have apostrophes. You might also want to watch the 1969 film, “The Italian Job”, for a related example.

  • 4
    Get your own gravatar for comments by visiting gravatar.com

    Comment by sam

    April 11, 2008 @ 10:19 am

    Um…

    surely you simply make the emergency vehicle signal set the traffic lights to all red. Since the emergency vehicle is allowed to cross to the other side of the road and go through the red. Something that would be safe when all the lights are red so no other traffic is moving…

    That way it’s useless to people who want to give themselves and green light.

  • 5
    Get your own gravatar for comments by visiting gravatar.com

    Comment by Michael Loftis

    April 22, 2008 @ 2:04 am

    Traffic lights commonly include an independent sort of fail-safe circuit called an “opposing green” detector. If this circuit (sometimes it’s mechanical) sees greens go on that would cause opposing traffic to be directed at eachother, it will short the system to some form of flashing red or red/yellow or flashing yellow until the DOT gets out to the box to examine the fault.

  • 6
    Get your own gravatar for comments by visiting gravatar.com

    Comment by matt rupert

    May 28, 2008 @ 4:09 pm

    In college I had heard the myth that by flashing your headlights rapidly on and off or high-beams to low-beams you could exploit the preemptive quality. I have no idea if it’s true but I must admit I’ve tried with mixed results.

  • 7
    Get your own gravatar for comments by visiting gravatar.com

    Comment by marc

    August 24, 2008 @ 4:27 pm

    The traffic lights in most areas can be preempted by using a strobe light flashing at 14Hz for emergency vehicles or at 10hz for non emergency use, such as long or slow vehicles that need extra time through the lights. the sensors are on the light poles with 1 for each direction of travel. the sensors or sensitive to all visible light and infrared. as a strobe light would be noticed on a regular passenger vehicle, a simple visible light filter would remove the visible portion of the light emitted from the strobe but still activate the preemption mode in the traffic signals. in most cities the preemp mode causes a red strobe or white lamp on the lights to indicate the current mode. in addition to the indicator, the current active light sequence is set to red for all and then green to the direction that is being preempted. while emergency vehicles can legally go though a red traffic signal, most will not, to avoid a collision with opposing lanes. this is especially important in situations where there may be emergency vehicle coming from more than one direction at a particular intersection.

RSS feed for comments on this post