A security researcher identified a vulnerability in a traffic light controller that could potentially be exploited by malicious hackers to manipulate traffic lights and cause traffic congestion.
Andrew Lemon, a researcher at cybersecurity firm Red Threat, recently shared his findings in two blog posts detailing his research on the security of traffic controllers. Lemon specifically examined the Intelight X-1 device and discovered a flaw that allowed unauthorized individuals to take control of the traffic lights due to the absence of authentication on the web interface.
Despite his disbelief at the simplicity of the bug, Lemon was able to manipulate the timing of traffic lights, potentially disrupting traffic flow and causing congestion. He also identified similar vulnerabilities in other devices, such as Econolite controllers, that run the NTCIP protocol.
Upon discovering the flaw, Lemon reached out to Q-Free, the company that owns Intelight, to report the issue. Instead of addressing the vulnerability, Q-Free responded with a legal letter, casting doubt on the validity of Lemon’s research and threatening legal action if details were made public.
Lemon expressed surprise and frustration at Q-Free’s response, feeling that they were attempting to silence him with legal threats. Despite the lack of response from Q-Free, Lemon emphasized the importance of addressing these vulnerabilities to safeguard critical infrastructure.
Ultimately, Lemon’s research sheds light on the urgent need for improved cybersecurity measures in traffic control systems to prevent potential exploitation by malicious actors. The implications of these vulnerabilities underscore the importance of securing critical infrastructure to ensure public safety and maintain the efficiency of transportation systems.
