Monday, April 1, 2013

April Fools - Wirelessly controlled traffic light

Hello guys,

Some time ago, a person who shall not be named emailed me and talked about new traffic lights that can be controlled wirelessly. Since access points are getting pretty powerful these days, it makes sense that they are now embedded in traffic lights to control them. The reason behind making it wirelessly accessible is to make maintenance easier for technicians so that they don't have to open the whole thing. They just have to connect to the AP inside the traffic light to do it.

Here is the maintenance page. The URL of that page is blurred for security reasons:


Since there is no reference to it on other pages and it's so basic, I guess they forgot to remove it from production units (or maybe it is just meant to be used by technicians/developers, or it is security by obscurity). On other pages you can input parameters of the traffic light when it is in automatic mode, such as operating times (it will blink yellow when outside of them), how long each light lasts, etc.


He even sent me one of those traffic lights. As a side note, you would be amazed by the size of those things:




Here is a close-up of where the AP is:


The network cable you can see is used to interconnect different traffic lights at crossroads to synchronize several of them. 

Well, of course, since they don't want people to just hack in and mess with the traffic lights, they did not make it easy to connect (SSID is random) and to find that page. However, the person who contacted me managed to grab the handshake while the maintenance guy was doing maintenance and apparently, they use the same easy passphrase ("Maintenance123") on ALL those new traffic lights. By decrypting the traffic, he figured out the page where you can control the traffic light manually.

We both tried to contact the company to let them know about the flaws since it's pretty unsafe/dangerous to be able to change the light on live traffic lights and especially since they use the same passphrase on all of them. But they never got back to us.