Just in:
FNC approves draft law regulating non-Muslim places of worship // Saif bin Zayed witnesses agreement signing to launch National Housing Platform ‘Darak’ // SwissCham Singapore Announces Ms Julie Raneda As New Chair // Positive Revision – Fosun’s Ratings Affirmed by S&P Global Ratings // Enhancing Patient Experiences with a Cohesive Healthcare Ecosystem // Congress Dithering Over Supporting AAP On Ordinance Is Height Of Stupidity // Opposition Parties Could Not Meet Properly PM Challenge On New Parliament Building // Maktoum bin Mohammed meets with Chief Executive of Moorfields Eye Hospital // Dubai Taxi sector trips achieve remarkable growth rate in Q1 2023 // PAOB Introduces “Business Revolving Loan” as the Expanded Collaboration with eftPay // Cong clinches a Rajasthan peace deal for election // NITI Aayog Is Steadily Losing Its Relevance As An Useful Think Tank For Planning // UAE participates in 18th Senior Officials’ Meeting and 7th Senior Official Level Strategic Political Dialogue of Arab-Chinese Cooperation Forum // Sultan bin Ahmed reviews UOS students’ Aljada mosque designs // EC orders updating of electoral rolls in five states // Infinite IT Solutions – your reliable business partner // NITI Aayog Has Failed To Play Any Effective Role In Planning For Indian Economy // Opposition weighing one man against Modi in 2024 // Sharjah Police’s Supreme Command Committee reviews plans to enhance security performance // UAE Government launches AI-powered chatbot platform ’U-Ask’ //
HomeTalking PointHacked road cameras can compromise security

Hacked road cameras can compromise security

|By Arabian Post Staff| Road sensors, cameras and traffic light systems face the risk of hacking and the data collected by these devices could be compromised with unforeseen results, endangering the security of both road users as well as city administrations.

Leading cyber security company Kaspersky Lab experts have, after extensive field research, proved that the data gathered and processed by these sensors can be dramatically compromised and can potentially affect the future decisions by city authorities on a development of road infrastructure.

Transport infrastructure in a modern megalopolis represents a very complicated system that contains different sorts of traffic and road sensors, cameras even smart traffic lights system. All the information gathered by these devices delivered and analyzed in a real time by the special city authorities. Decisions about the future roads constructions and transport infrastructure planning can be taken based on it. If these data will be compromised it can cause millions in losses to the city.

In particular, if fraudulent access to the transport infrastructure will be gained it might affect the following:

  • Compromising the data gathered by road sensors in attempt to sabotage it or resale to third parties;
  • Modification, falsification and even erasure of the critical data;
  • Demolition of the expensive equipment;
  • Sabotage the work of the city authority’s services.

Recent research made by Kaspersky Lab expert in Moscow was conducted on a network of specific road sensors that gather the information about the traffic flow in particular the quantity of vehicles on the road, their type and average speed and then transfers it to command center controlled by city authorities. City traffic authorities receive this information and use it to support and update a real time road traffic map. The map in its turn could then serve as a source of data for city road systems constructing or even for automated traffic lights system controls.

The first security issue, discovered by the researcher was the name of the vendor clearly printed on the sensor’s box. This information helped Kaspersky Lab’ expert to find more information on the Web about how the device operates, what software it uses etc. Also researcher discovered that the software used to interact with a sensor and technical documentation, are all available on vendor’s website. Technical documentation explained very well the list of commands that could be sent to the device by a third party.

Just walking nearby the device, the researcher was able to access it via Bluetooth as no reliable authentication process was implemented: anyone with a bluetooth-enabled device and software for discovering passwords via trying multiple variants (brute force) could connect to a road sensor.

Using the software and technical documentation, the researcher was able to observe all data, gathered by the device. He was able to modify the way the device is gathering a new data: for example changing the type of vehicles from a car to a truck or change an average traffic speed.  As a result all newly gathered data were false and not applicable for the need of the city.

Common measures identified by Kaspersky Lab to prevent that cyberattack against transport infrastructure devices include:

  • Removal of vendor’s name on the device, as this could help an attacker to find tools for hacking the device on the web;
  • Changing default names of the device and disguising vendor’s MAC addresses if possible;
  • Use of two steps authentication on devices with Bluetooth connection and protecting them with strong passwords
  • Cooperation with security researchers to find and patch vulnerabilities.