In a new study, a group of computer scientists from the University of Michigan recently revealed a major vulnerability in an unlikely hacking target: traffic lights.

Using nothing more than a laptop and a wireless card that operated at the same frequency (5.8 gigahertz) as the wirelessly networked traffic lights, the group was able to take control of a number of lights in an unnamed area of Michigan (they had the permission of local authorities). This meant that they could alter the normal timing pattern of the lights, turning all the lights along a given route green, for instance, or freezing an intersection with all reds.

they could alter the normal timing of lights, or turn them all red

An estimated 62 percent of traffic lights nationwide are networked — many via wireless radios —so they can communicate with other intersections or a central server to optimize the flow of traffic. But, at least in some places, designers have taken no steps to protect these systems from outside threats.

The system tested by the researchers broadcast an unencrypted wireless network that was visible on normal laptops and smartphones, although they can't normally connect to it. But it only took a tiny bit of extra work for the researchers to do so, in part because whoever installed the system left default user names and passwords in place.

Once they had access, they could use a series of simple commands to freeze the traffic lights in their current state, or turn all lights red, or alter the timing of the light changes. The one thing they couldn't do was give all sides of an intersection a green light — that'd take physical access to the roadside traffic cabinet housing failsafe equipment, which automatically switches the whole intersection to a flashing red if a dangerous configuration occurs.

Still, the ease with which they took control of the lights is disturbing. That kind of control could easily allow someone to disastrously disrupt the flow of traffic in a busy area, and while it's uncertain whether all systems are so poorly protected, similar vulnerabilities have been found by others in cities across the US.

(Thanks to MIT Technology Review for the link.)

Correction: This previously stated that 62 percent of traffic lights are wirelessly connected. 62 percent are connected, but some fraction of those are connected through cables.