One Single Malicious Vehicle Can Block 'Smart' Street Intersections In the US (bleepingcomputer.com) 98
An anonymous reader shares a BleepingComputer report: Academics from the University of Michigan have shown that one single malicious car could trick US-based smart traffic control systems into believing an intersection is full and force the traffic control algorithm to alter its normal behavior, and indirectly cause traffic slowdowns and even block street intersections. The team's research focused on Connected Vehicle (CV) technology, which is currently being included in all cars manufactured across the globe. More precisely, it targets V2I (vehicle-to-infrastructure) protocols, and more precisely the I-SIG system implemented in the US.
The Michigan research team says the I-SIG system in its current default configuration is vulnerable to basic data spoofing attacks. Researchers say this is "due to a vulnerability at the signal control algorithm level," which they call "the last vehicle advantage." This means that the latest arriving vehicle can determine the traffic system's algorithm output. The research team says I-SIG doesn't come with protection from spoofing attacks, allowing one vehicle to send repeated messages to a traffic intersection, posing as the latest vehicle that arrived at the intersection. According to simulated traffic models, the Michigan team says that around a fifth of all cars that entered a test intersection took seven minutes to traverse the traffic junction that would have normally taken only half a minute. Researchers don't believe this bug could be exploited for actual gains in the real world, but the bugs' existence shows the protocol is poorly coded, even four years after first being proved unsecured.
The Michigan research team says the I-SIG system in its current default configuration is vulnerable to basic data spoofing attacks. Researchers say this is "due to a vulnerability at the signal control algorithm level," which they call "the last vehicle advantage." This means that the latest arriving vehicle can determine the traffic system's algorithm output. The research team says I-SIG doesn't come with protection from spoofing attacks, allowing one vehicle to send repeated messages to a traffic intersection, posing as the latest vehicle that arrived at the intersection. According to simulated traffic models, the Michigan team says that around a fifth of all cars that entered a test intersection took seven minutes to traverse the traffic junction that would have normally taken only half a minute. Researchers don't believe this bug could be exploited for actual gains in the real world, but the bugs' existence shows the protocol is poorly coded, even four years after first being proved unsecured.
Re: I will park the car in the intersextion (Score:2)
Ivan, Ivan, Ivan - you live in *Moscow* and you're sexually frustrated? You really need to get out more.
Re: (Score:2)
...a hostile actor can cause overwhelming congestion...
... even without exploiting any "smart" technology.
Re: (Score:2)
The real reason why we are not dead already is the fact that most people are not total jerks who actively just want to make everyone lives miserable, with no real benefit towards them.
So why are you in jail? Well I thought it would be funny to trick the traffic lights to make them all red. In turn 3 ambulances couldn't make it to the Hospital in time, 1 Firetruck cause a house to burn down. All because some one got tired waiting in traffic, tried to do a U-Turn collide with a gasoline truck hurting 3 peop
Re: (Score:1)
Gee, I remember when kids just used to steal stop signs
Re: (Score:2)
Re: (Score:1)
https://xkcd.com/1958/ [xkcd.com]
Yep, XKCD covered this
Damage? (Score:2)
I don't want to cause damage. I just want to hack the system to get all the green lights.
Re: (Score:2)
"Imagine, then, a situation where, at one given instant every single traffic light on this congested island turns green and STAYS green." From "To Invade New York....", by Irwin Lewis, in Analog SF 1963. Available at https://www.gutenberg.org/file... [gutenberg.org]
Always a problem (Score:1)
This kind of thing is always a potential problem. If you allow uncontrolled inputs, you always need to check if somebody is acting maliciously. Technical improvements could obviously help, but it's at least as important to have legal mechanisms to back them up. Spoofing the system needs to be illegal with real penalties for violations and reasonable mechanisms for spotting the spoofers. This is the new equivalent of making it illegal to use emergency lights if you aren't an emergency vehicle.
Re:Always a problem (Score:5, Insightful)
Ok...this is a new one on me.
When did they start this? What do I look for in my car for this?
More importantly, how can I disable this? I don't want my vehicle connect to any company, entity, or any other vehicle.
They will just make it illegal to disable it. (Score:2, Informative)
They already did that with airbags. Technically you are legally required to have your airbags in working order during the transfer of title of a car. Practically speaking nobody does. But if there was an accident and the airbags didn't deploy, in theory the new owner of the vehicle could come back and sue you, and the government could come after you on criminal charges (I don't have the specific vehicle code entry for you. This was secondhand information from a professor who also worked for a local vehicle
Re: (Score:2)
On what basis do you claim "Practically speaking nobody does." I don't think I've ever even heard of someone intentionally disabling the airbag, except one person whose mother weighted less than 80 pounds, and wouldn't legally be able to ride in the front seat if the airbag wasn't disabled. (Not sure how the law currently reads.)
Re: (Score:2)
"Technically you are legally required to have your airbags in working order during the transfer of title of a car"
Not if you do it as-is by selling it under a salvage title.
And the strictest road state - CA, only requires emissions testing and brake/lights inspection. That's it.
Re:Always a problem (Score:4, Funny)
More importantly, how can I disable this? I don't want my vehicle connect to any company, entity, or any other vehicle.
Sorry, just like with the video games, there is no offline single player mode any more.
Re: Always a problem (Score:2)
You can't disable it. That's the point.
Re: (Score:3)
> When did they start this? What do I look for in my car for this?
The article was wrong, clicked their source where they claim it is in every car is this info:
Only currently in select 2017 Cadillac models.
Re: (Score:2)
Just got a new car last year, and shouldn't be in it.
Re: (Score:2)
Connected vehicle has been around for ages. In fact it will probably become mandatory soon, in order to automatically report accidents. If the airbags deploy the vehicle sends an SoS over the mobile network, with the location of the crash.
The easiest way to disable it is probably to disconnect the antenna. Then it will just think it is in a bad signal area and not start throwing up error messages.
Re: (Score:2)
a cell jammier can do the same thing (Score:2)
a cell jammier can do the same thing
Eh, it can block even "dumb" intersections (Score:5, Insightful)
Eh, a single malicious vehicle can block "dumb" intersections too if it just stops right there in the middle!
Re: (Score:2)
Right, don't quite get the "eureka" aspect of this.
Re: (Score:1)
I think the big difference is for a malicious vehicle to do it in the traditional sense, you'll have a pretty damned good idea who's doing it. With this, they may just be parked in a parking lot near the intersection, and their "vehicle" may be a backpack.
Re: (Score:2)
Re: (Score:2)
Eh, a single malicious vehicle can block "dumb" intersections too if it just stops right there in the middle!
Actually that's the worst place to put it to block an intersection... you'll just change it from a junction into a roundabout. If you want to block an intersection, park it in the path of traffic.
However a quick glance of the summary says that the vehicle does not need to be in the intersection... or even a vehicle at all. Just a radio sending a control signal... and not even a malformed one, just spamming a legit signal.
The old-fashioned way VERY effective (Score:2)
Crashes do this all the time now. If there's a wreck on the freeway I use to get to work, it clogs the entire freeway so that traffic slows to a snail's pace. The alternative routes also fill up fast. Doesn't take rocket science; just old-fashioned stupidity and inattention.
It doesn't help that crash inspectors have to "do science" on the wreck to understand it better. Why waste tens of thousands of commuter hours to clear up the insurance of 2 people? Selfish allocation of resources. Take lots of pictures
Re: (Score:1)
They don't do major investigations unless someone is injured or killed or evidence of a major crime exists, so.. unwarranted rant maybe.
Re: (Score:1)
Often somebody is injured, but why so slow to move them? I realize sometimes you have to be careful about broken backs, but it seems the delays are too common for that: not everybody busts their back. Granted, I don't know all the details, but it seems like unjustified delay due to silly laws or rules.
Re: (Score:1)
There are signs up and down the highway in SC telling you to move the vehicles off the road if there are no injuries. Some people do, others do not. But in both cases, the cars passing the accident (or person changing a flat tire, etc.) slow way down to gawk, which causes additional delays and addition crashes, which causes even more slow downs and more crashes, which causes... well, you get the picture. Once you're past the wreck, the speed limit instantly goes from 5 mph to 80. Stop rubbernecking ya l
Re: (Score:2)
That's a dumb rule. Tens of thousands of people, perhaps hundreds of thousands sometimes, are inconvenienced for that. The cost trade-off to society is NOT worth it. Let it go so traffic can go. Math gives it the finger.
Re: (Score:1)
The trick that needs to be used is to assess the actual cost of the investigation onto the Insurance company that often is the interested party requiring the investigation. Calculate the cost in the slow-down of 5000 people trying to get to work. Assess that as an additional expense to the interested parties insisting on disrupting traffic for the investigation.
Re: (Score:3)
Since such an investigation of fault can lead to criminal and even felony charges, how about let's not be so all-in-a-rush to bypass civil rights and protections so you can make it to the Taco Bell drive-thru before closing, hmm? Deal?
Strat
Re: (Score:1)
Sorry, I weighed the tradeoffs and feel differently about this. Your Taco Bell example is cherry-picking. Sample Error. I did the "pain math" and it benefits the aggregate drivers by far. I invite you to also do it.
Righties are just as pro-snooping if not more. They just tend to back snooping on different things.
Re: (Score:2)
While I hate getting stuck in traffics as much as the next person. I am comforted in the fact that there is an inspector to "Do Science" on the wreck so the justice system has data to work with. Freedom and Justice doesn't and shouldn't be equated with an economic outcome. Because if such thing shows that it was because a fault in the road, that needs to be fixed asap, or the person made a living collecting off of insurance claims by getting into an accident on purpose. Should be punished and jailed, to k
Re: (Score:2)
It isn't their fault the freeway stays priced below market equilibrium when crashes occur. If the free market were allowed to work, people would carpool home and back to work again the next day, or take the train or bus, etc. and the crash would not have wasted any commuter hours.
Who needs a car? (Score:3)
A transponder hooked up to a Raspberry Pi and a battery could be made to have the same effect... fun times...
BTW - the Trump administration delayed the CV/V2V mandate in the US, and it's not mandated in the EU yet. One of the few Trump administration decisions that I wholeheartedly and completely support.
Obligatory xkcd (Score:4, Funny)
Just slightly more complex, a malicious actor with a single vehicle can block a "dumb" intersection by driving doughnuts in the middle of the intersection.
Re: (Score:2)
Re: (Score:1)
It's bitztream the autism-hating, custom EpiPen-hating, Musk-hating, Qualcomm-hating, Firefox tabs-hating, Slashdot editors-hating Slashdot troll!
So (Score:3)
My favorite part (Score:1)
Re: (Score:3)
"Researchers don't believe this bug could be exploited for actual gains in the real world,"
The researchers don't seem to have a very active imagination...
- Large numbers of people with spoofers, say rush hour traffic or a caravan moving in one direction across the city, to have high probability of all vehicles moving in the same direction to always have a green light.
- The local bum^H^H^H grifter^H^H^H panhandl^H^H^H... errr... apparently disadvantaged contractor seeking private funding for self improvement, sitting on the side of the road causing large backups of people waiting a
more... (Score:4, Interesting)
- Set up spoofers on the streets behind and paralleling your bank heist escape route to maximum police response time.
- Install a spoofer in your competitor's taxi/uber/delivery van.
- Install spoofers on the route from the pizza place to your house. 30 minutes or it's free?
Re: (Score:2)
"Researchers don't believe this bug could be exploited for actual gains in the real world,"
They forget that people are perfectly willing to do things for the "LOLZ", without direct personal gain.
Re: (Score:2)
In real cities we use things called bikes/walk (Score:1)
In a real city, when this happens, we just ignore the all way stop signal and just walk or bike through the intersection, or use our skateboards.
Only old people and suburbanites use cars. They deserve to stew.
Re: (Score:2)
we just ignore the all way stop signal
You and all the homeless bums.
Re: (Score:1)
I'll have you know our houses are worth millions. Whereas the car drivers ... aren't.
Re: (Score:1)
And you can't go out in the yard.
I don't live in a city or a suburb.
This weekend I forgot my laptop out on a table on the back porch.
I remembered it about a half day later. Obviously it was still there, because nobody steals stuff out here.
Stay in your crime-ridden shithole, because we don't want you out here.
Simple solution (Score:2)
Get one of the programmers on here who brag how much they're being paid to produce code which is flawless and fully documented to rewrite the protocol.
Once you get one of those experts involved, anything is possible.
Say it ain't so! (Score:2)
Next they'll say a stupid truck-driver with slick wheels can jackknife a whole highway shut for almost a day in winter.
Re: (Score:2)
UPS deliveries FTW!
What could possibly go wrong (Score:1)
How about 'No'. (Score:2)
Just quit with all the automated light crap already. The best traffic flow I've ever seen is in parts of Chicago. Where they still have electromechanical timers* and just sync them for a given speed between lights. Yeah, this won't keep some Aspie from freaking out at 1:00AM if he pulls up to a red light and still has to wait for an empty intersection. But who cares?
*The only benefit I can see for networked signals is the ability to reset them quickly following a power outage.
Re: (Score:2)
Just forget about lights all together. Damn *American's. It's called a roundabout. There's a couple in the Chicago area suburbs. Only a couple. 30-50% more traffic through the "intersection" with no stopping. What a concept.
They were talking about a continuous flow intersection on a busy corner where I used to live. The idea died and the intersection has gone from bad to worse. I moved.
* I am an American myself. Born and raised. :)
Re: (Score:3)
I am an American myself.
Yeah, we could tell by the way you use an apostrophe to make a noun plural.
This is different how ? (Score:3)
One idiot can rubberneck, drive slow or attempt to drive whilst playong with their phone and it will bring traffic to a crawl for miles.
God forbid any flashing lights are visible because everyone and their brother has to stop and gawk at them.
Malicious can be both intentional or otherwise. The results are the same for 'smart' or standard traffic.
A single malicious driver... (Score:1)
can already block an intersection. This is nothing new.
Also... (Score:1)
you're only supposed to blow the bloody doors off (Score:2)
Author went to Sideshow Bob's grammar school (Score:2)
"More precisely, it targets V2I (vehicle-to-infrastructure) protocols, and more precisely the I-SIG system implemented in the US."
Sideshow Bob: Your children are no more than a pair of ill-bred troublemakers.
Homer: Lisa too?
SSB: Especially Lisa... But ESPECIALLY Bart.
How to fix that? (Score:2)
How can they fix that? The thing require authenticating vehicles, which probably means loading a digital certificate in it. But soon or later, keys will leak.
Perhaps the whole thing was a bad idea, after all.
Define malicious (Score:2)
So the system works as intended? When a vehicle stops and blocks traffic (whether intentional or due to a crash or breaking down), traffic is routed away from it. What's the problem here?
"one single malicious vehicle" (Score:1)