Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Vendor Fixes Vulnerabilities in Wireless Traffic Sensors

Sensys Networks, a company that provides integrated wireless traffic data systems, announced last week the availability of software updates that address security issues identified last year.

Sensys Networks, a company that provides integrated wireless traffic data systems, announced last week the availability of software updates that address security issues identified last year.

In April, IOActive Labs CTO Cesar Cerrudo revealed the existence of several vulnerabilities in the sensor devices used by the traffic control systems installed in various cities across the United States, Canada, the United Kingdom, France, Australia and China. He conducted real-world tests in various U.S. cities and even simulated an attack launched from a drone.

“By exploiting the vulnerabilities I found, an attacker could cause traffic jams and problems at intersections, freeways, highways, etc,” the researcher explained back in April. “It’s possible to make traffic lights (depending on the configuration) stay green more or less time, stay red and not change to green, or flash. It’s also possible to cause electronic signs to display incorrect speed limits and instructions and to make ramp meters allow cars on the freeway faster or slower than needed.”

Cerrudo contacted the vendor through ICS-CERT in September 2013, but the company said the issues uncovered by the researcher were not critical. Last month, after the expert demonstrated his findings at the Def Con security conference, Sensys published a statement clarifying that its equipment does not directly control traffic signals, but “provides an input to third party traffic controllers who are responsible for the safe operation of traffic signals.”

“It is impossible to manipulate our systems, or data, to cause conflicting movements or phases to be displayed. Both the controller software and conflict monitor prevent the possibility of this scenario. Also, our system is not used to give priority to emergency vehicles and we cannot interfere with the operation of systems that do give such priority,” the company said.

Sensys also said its systems were not actually “hacked” by the researcher, and presented various “anti-vandalism features” that are available to customers. While the company maintains its position, last week it rolled out what it calls “new anti-vandalism enhancements” designed to protect systems against attacks (encryption and authentication), and notify operators in case of unauthorized access attempts.

The company says the enhancements will be included in all new hardware and software products, but they can also be wirelessly deployed to existing installations via the regular software update process. The software updates are free and there’s no need to replace any hardware, Sensys networks said on Friday.

According to ICS-CERT, the enhancements are actually fixes for the vulnerabilities identified by Cerrudo. In its advisory, the organization noted that Sensys Networks traffic sensors VSN240-F and VSN240-T (with software versions prior to VDS 2.10.1 and prior to TrafficDOT 2.10.3) are affected by insufficient integrity checks which could allow the installation of modified software that could damage the traffic sensors.

“A traffic sensor that has been rendered inoperable may cause the traffic system to default to a failsafe condition, prompting traffic lights of an intersection to operate on predetermined timed intervals. Only the traffic lights that are linked to compromised sensors may be impacted,” ICS-CERT said in its advisory. “Unencrypted communication between the traffic sensor and the access point could be modified and used to cause traffic collection data inaccuracies, which may have limited impact on traffic control for an intersection. Inaccurate collection of traffic data may yield limited influence over traffic light timing for an intersection.”

The integrity check issue has been assigned the CVE identifier CVE-2014-2378, while the lack of a mechanism for sensitive data encryption has been assigned CVE-2014-2379. ICS-CERT says the vulnerabilities can be exploited remotely by a highly skilled attacker.

Versions VDS 2.10.1 and TrafficDOT 2.10.3 address the flaws. ICS-CERT noted that an update (VDS 1.8.8) for older model access points will also be released this month.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Vulnerabilities

Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.