A teenage computer whiz hacked into software that controlled traffic lights in a southwestern US city. Once inside the program, the 16-year-old boy accessed systems that could wreak havoc. An investigator said the boy could have turned all the lights to a blinking-red default that would snarl traffic. Or worse, turned them all green.
That was 25 years ago.
The case opened the eyes of Jim Christy, one of the arresting officers. He would go on to become the head of the cyber crime center within the US Department of Defense. Now Christy is warning automakers and transportation officials that not much has changed in the past quarter-century.
While the auto industry has begun addressing cyber-security holes in critical systems that run vehicles, Christy said during an appearance at the Los Angeles Auto Show the greater threats to motorists could lie in the sprawling infrastructures that communicate with cars or govern their movement.
Whether it’s traffic lights, GPS or the digital short-range communications that will handle the upcoming autonomous car era, these systems may be more attractive targets for hackers or terrorists because they hold the potential to cause greater harm and because they’re cheaper entry points.
“We hear connectivity in our vehicles is going to make life so much easier,” he said. “It’s actually a jungle out there…so this talk about connected cars makes me nervous.”
Automakers have increased their focus on cyber threats, forming a network to share information on security threats earlier this year. The National Highway Traffic Safety Administration opened a division that examines vehicle cyber-security issues in 2012.
Traffic lights have become central targets. Already this year, two cyber-security research teams have gained access to traffic light systems across the country and manipulated their signals.
Researcher Cesar Cerrudo demonstrated how he accessed traffic-light systems in dozens of cities earlier this summer, and last week, University of Michigan students announced they conducted similar experiments, manipulating more than 1,000 lights in one city alone.
In both cases, the researchers said the traffic-light systems are vulnerable because they’re using unencrypted signals. “It was surprisingly easy,” one student told NBC-TV.