This is NOT what San Francisco needs right now!

As if driving around the City and the surrounding Bay Area communities these days weren’t already a big enough nightmare, with bumper-to-bumper traffic jams that now rival LA’s freeways.

Now we get word that hackers have the ability to muck up the traffic-management software that cities use to try and keep vehicles moving around their already congested streets.

Meet Cesar Cerrudo, an Argentinian security researcher with IoActive who is today’s bearer of today’s bad news.

Cesar Cerrudo in downtown New York City, conducting a field test of vulnerable traffic sensors. Photo: Courtesy of Cesar Cerrudo

According to a post in, Cerrudo has discovered that “the vehicle traffic control system installed at major arteries in U.S. cities and the nation’s capital are so poorly secured they can be manipulated to snarl traffic or force cars onto different streets.”

Read it and weep:


The hack doesn’t target the traffic lights directly but rather sensors embedded in streets that feed data to traffic control systems. The vulnerable controllers–Sensys Networks VDS240 wireless vehicle detection systems–are installed in 40 U.S. cities, including San Francisco, Los Angeles, New York City, Washington, DC, as well as in nine other countries.

Here’s how it works:

The system is comprised of magnetic sensors embedded in roadways that wirelessly feed data about traffic flow to nearby access points and repeaters, which in turn pass the information to traffic signal controllers.

The sensors use a proprietary protocol designed by the vendor — called the Sensys NanoPower Protocol — that operates similar to Zigbee. But the systems lack basic security protections — such as data encryption and authentication — allowing the data to be monitored, or, theoretically, replaced with false information.

Although an attacker can’t control traffic signals directly through the sensors, he might be able to trick control systems into thinking that congested roadways are clear or that open roadways are packed with cars, causing traffic signals to respond accordingly, says Cerrudo.

And even more bad news: the folks who run these systems didn’t exactly jump when Cerrudo pointed out the flaws in their system. So if you’re hoping for some quick fix that will prevent hackers from making your cross-town drive even worse than it already is, don’t hold your breath.

While Cerruda acknowledges that the systems may have manual overrides and secondary controls that could be used to mitigate problems, an attacker could nevertheless create traffic jams and other problems — causing lights to remain red longer than they should or allowing cars at metering lights to enter freeways and bridges faster or slower than optimal — before anyone would notice and respond to the problem.

“These traffic problems could cause real accidents, even deadly ones by cars crashing or by blocking ambulances, fire fighters, or police cars going for an emergency call,” he writes in a blog post.

Credit: Cesar Cerrudo


Share this Post