Slashdot Mirror
One Single Malicious Vehicle Can Block 'Smart' Street Intersections In the US (bleepingcomputer.com)
An anonymous reader shares a BleepingComputer report: Academics from the University of Michigan have shown that one single malicious car could trick US-based smart traffic control systems into believing an intersection is full and force the traffic control algorithm to alter its normal behavior, and indirectly cause traffic slowdowns and even block street intersections. The team's research focused on Connected Vehicle (CV) technology, which is currently being included in all cars manufactured across the globe. More precisely, it targets V2I (vehicle-to-infrastructure) protocols, and more precisely the I-SIG system implemented in the US.
The Michigan research team says the I-SIG system in its current default configuration is vulnerable to basic data spoofing attacks. Researchers say this is "due to a vulnerability at the signal control algorithm level," which they call "the last vehicle advantage." This means that the latest arriving vehicle can determine the traffic system's algorithm output. The research team says I-SIG doesn't come with protection from spoofing attacks, allowing one vehicle to send repeated messages to a traffic intersection, posing as the latest vehicle that arrived at the intersection. According to simulated traffic models, the Michigan team says that around a fifth of all cars that entered a test intersection took seven minutes to traverse the traffic junction that would have normally taken only half a minute. Researchers don't believe this bug could be exploited for actual gains in the real world, but the bugs' existence shows the protocol is poorly coded, even four years after first being proved unsecured.
The Michigan research team says the I-SIG system in its current default configuration is vulnerable to basic data spoofing attacks. Researchers say this is "due to a vulnerability at the signal control algorithm level," which they call "the last vehicle advantage." This means that the latest arriving vehicle can determine the traffic system's algorithm output. The research team says I-SIG doesn't come with protection from spoofing attacks, allowing one vehicle to send repeated messages to a traffic intersection, posing as the latest vehicle that arrived at the intersection. According to simulated traffic models, the Michigan team says that around a fifth of all cars that entered a test intersection took seven minutes to traverse the traffic junction that would have normally taken only half a minute. Researchers don't believe this bug could be exploited for actual gains in the real world, but the bugs' existence shows the protocol is poorly coded, even four years after first being proved unsecured.
Eh, a single malicious vehicle can block "dumb" intersections too if it just stops right there in the middle!
Violence is the last refuge of the incompetent. Polar Scope Align for iOS
Ok...this is a new one on me.
When did they start this? What do I look for in my car for this?
More importantly, how can I disable this? I don't want my vehicle connect to any company, entity, or any other vehicle.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
A transponder hooked up to a Raspberry Pi and a battery could be made to have the same effect... fun times...
BTW - the Trump administration delayed the CV/V2V mandate in the US, and it's not mandated in the EU yet. One of the few Trump administration decisions that I wholeheartedly and completely support.
https://www.xkcd.com/1958/
Just slightly more complex, a malicious actor with a single vehicle can block a "dumb" intersection by driving doughnuts in the middle of the intersection.
This Space Intentionally Left Blank
They already did that with airbags. Technically you are legally required to have your airbags in working order during the transfer of title of a car. Practically speaking nobody does. But if there was an accident and the airbags didn't deploy, in theory the new owner of the vehicle could come back and sue you, and the government could come after you on criminal charges (I don't have the specific vehicle code entry for you. This was secondhand information from a professor who also worked for a local vehicle bureau branch.)
Additionally similiar laws are on the books for seatbelts as well as dozens under the vehicle emission code laws that don't necessarily affect emissions.
"Researchers don't believe this bug could be exploited for actual gains in the real world,"
The researchers don't seem to have a very active imagination...
- Large numbers of people with spoofers, say rush hour traffic or a caravan moving in one direction across the city, to have high probability of all vehicles moving in the same direction to always have a green light.
- The local bum^H^H^H grifter^H^H^H panhandl^H^H^H... errr... apparently disadvantaged contractor seeking private funding for self improvement, sitting on the side of the road causing large backups of people waiting at the light.
"Researchers don't believe this bug could be exploited for actual gains in the real world,"
They forget that people are perfectly willing to do things for the "LOLZ", without direct personal gain.
More importantly, how can I disable this? I don't want my vehicle connect to any company, entity, or any other vehicle.
Sorry, just like with the video games, there is no offline single player mode any more.
“He’s not deformed, he’s just drunk!”
One idiot can rubberneck, drive slow or attempt to drive whilst playong with their phone and it will bring traffic to a crawl for miles.
God forbid any flashing lights are visible because everyone and their brother has to stop and gawk at them.
Malicious can be both intentional or otherwise. The results are the same for 'smart' or standard traffic.
- Set up spoofers on the streets behind and paralleling your bank heist escape route to maximum police response time.
- Install a spoofer in your competitor's taxi/uber/delivery van.
- Install spoofers on the route from the pizza place to your house. 30 minutes or it's free?
Support Right To Repair Legislation.
I am an American myself.
Yeah, we could tell by the way you use an apostrophe to make a noun plural.
Enigma
> When did they start this? What do I look for in my car for this?
The article was wrong, clicked their source where they claim it is in every car is this info:
Only currently in select 2017 Cadillac models.
Since such an investigation of fault can lead to criminal and even felony charges, how about let's not be so all-in-a-rush to bypass civil rights and protections so you can make it to the Taco Bell drive-thru before closing, hmm? Deal?
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
How's life in the hypocrite lane?