I feel like this is the kind of thing that would've been completely ignored by everybody except for a handful of concerned hackers had it not been for the recent media outrage against Boeing (and in my opinion absolutely deserved).
I guess the question is how bad is it (from the article it's hard to tell exactly, but it sure doesn't sound great)? And another question is how many of our systems that we rely on, from bridges to airplanes to traffic lights, are just actually very insecure but either nobody notices or nobody exploits them?
That said, Boeing's abysmal PR and completely blanket "it's not our fault" statements make me assume the worst here. I have no idea how that company will ever earn back my trust. But maybe they have enough regulatory capture, much like Equifax, that they just don't care.
I can tell you traffic lights are extremely insecure. Last month there was a traffic light that was turned the wrong way, such that it was impossible to tell if the light was green. So I climbed the pole and turned it to the right direction. Another fellow pedestrian thanked me.
A bad actor could do anything from a DoS (positioning it the wrong direction) to tampering with the bulbs (for example swapping out all the greens with reds).
The reason most of society doesn't collapse is because we assume most people are good actors. Unfortunately, once your device is hooked up to the internet you vastly increase the odds of dealing with bad actors and have to spend more time and money securing against them.
I live near a big avenue that has 12 lanes (6 for each direction). There are two local lanes (that you can enter or exit only at a few places).
It has been this way probably for longer than I'm alive (30 years). There is a huge traffic light for the central lanes with a visual timer (like all others in this avenue: green horizontal lines that fade one by one when the signal is closing soon) and a smaller one for the local south lanes on a given crossing.
After some road paving, pedestrian crossings were made accessible, but for some stupid reason this changed the behavior of the local traffic to a deadly combination. The speed limit is 60km/h for both central and local lanes (but people drive at anything between 50-100km/h).
Previously for 30+ years: everything turned green/red at the very same time.
Since around some date before 1 January: central lanes turn green first. The smaller traffic light for the local lanes turns green after 10 seconds. Local lanes turn red a few seconds after the central ones too. In some places, it might create an incentive for you to switch to local and back (while hitting the gas pedal) after 30s-1min if you see traffic ahead and that you can't make it in the central lanes - not sure if I consider this a feature or a safety risk.
The first time I passed by after the change I didn't stop (5 a.m. on New Year's Eve) because I was watching the central lane semaphore and it was too late when I noticed they had changed it. A second time, I had to hit the brakes.
During the first weeks after the changes, I saw a dozen or more cars either running the red light without stopping or going after waiting for the [central] lane's bright traffic lights to go green.
Six months afterward, a reckless military driver killed a disabled woman in a wheelchair nearby. Probably unrelated but I'd be surprised if a related road design fault played a role.
> I can tell you traffic lights are extremely insecure.
All municipal infrastructure tends to be. It's usually implemented to a cost and security considerations are completely absent.
You can bet that in any given city, all those street light control cabinets are keyed alike and the city has no true idea who has keys and who doesn't.
This exact problem applies to so many domains it's literally for lack of effort that they haven't been exploited yet.
In India I found that in Bangalore (a city with far better infrastructure than most other), for a lot of intersections the traffic lights are toggle switches that some cop flicks on and off every so often. There is no lock on the switch cabinet.
All those cabinets use the same key across cities as well! Otherwise FEMA and other services would be unable to function. For the same reason all LEO handcuffs use the same key, so that any officer could release any handcuffed individual.
Edit: Some googling for links led me to this video, which seems relevant:
I'll Let Myself In: Tactics of Physical Pen Testers
> tampering with the bulbs (for example swapping out all the greens with reds).
Traffic authorities use coloured bulbs where you are? Weird.
Where I am, as far as I'm aware the colours always come from a gel in front of the lamp. Furthermore, the red lamp holder is larger than the green and amber ones.
I think they still use gels on white LEDs for many of them. I've had a look at a few that at least did that. It's possible they've switched to dedicated colour phosphors, or that the majority of them have been that way for a while.
I think many of the lights here are also retrofits from incandescent traffic lights.
All the traffic lights here in Australia are honking great big metal poles that you'd need some serious equipment to reposition. Swapping bulbs would be a big operation too.
What country are you in that has rotatable traffic lights?
I'm in the USA. This particular incident happened in Washington, DC. I also saw a driver do this once in Palo Alto in Silicon Valley.
Anyways, even if lights are too big to climb up you can put on a yellow vest and get a flashing light on your van and people wouldn't really think twice.
I hopped on Google Street View near the central core of Sydney, and it looks like at least in certain areas you all also have lights like that, close to the ground and easily accessible. I'm guessing in more suburban or rural areas the signals are higher up (which makes them easier to see from a distance while driving faster).
Even if the traffic lights can't be rotated, it's relatively trivial for a bad actor to break one in some way, hang up their own permanent green light at night and then watch the chaos.
As gp said: The amount of such bad actors is low. And gains from an individual hack are low and there's a chance of getting caught.
"Relatively trivial" must be relative. Traffic lights where I am require a cherry picker in the intersection to get at.
This is like hacking servers. If you can get all the way to physical access with the device, of course it's exploitable. But that doesn't actually say a lot about how secure something is.
I imagine the quality of the lights around the world differ. If you can climb up and adjust it, these aren't the kinds of lights I'm thinking of.
So you'd need some equipment to do anything to them. And that equipment would have to basically shut down the intersection. So do it at 4am and hope that nobody drives by for the half hour you're there.
It's pretty pragmatic to take a 'wait and see' approach to dealing with bad actors. You start doing that in your town and there will be some changes once budget adjustments are made. LA had a problem with people tagging signs on the freeway, so now many are wrapped in razor wire.
>I have no idea how that company will ever earn back my trust
Millions of ongoing safe flights? I dunno. I feel like they're getting savaged (which they deserve... to a point... but we will cross that point I am pretty sure, if we haven't already...)
The thousands (tens of thousands?) of safe flights per day don't make the news. Boeing has been a pioneer in the safest form of transportation in existence. Mentour Pilot (an active 737 pilot on YouTube) goes into detail about why he's not concerned about Boeing (any more than he's concerned about Airbus).
I can also share a story from my (late) father who worked at Boeing for 30 years (and was working at Boeing during the MAX crashes). I asked him why Boeing let the 737-MAX debacle happen. These were a dying man's words (paraphrased): "Boeing wanted to ground the plane after the first 737-MAX crash but the FAA refused until after the second crash. Boeing did not have the authority to unilaterally ground the planes."
Also worth pointing out that there are 4 times as many 777s as there are A340s. Doesn’t mean A340 isn’t great, just that the odds of no accidents go up with fewer flight hours.
The popularity of A320 and 737-NG makes their safety records particularly impressive.
It also speaks highly of the level of engineering and testing required to determine the limitations of each and every part that must be maintained for safe flight.
I was always irrationally nervous flying into SFO, worried about precisely what ended up happening. We should all be glad the plane mostly held together through the cartwheel, saving many lives.
True, it's not part of the certification process, but I do know that modern jet airframes are made to be as... um... "flexible"* (? searching for the word here...) as possible in catastrophic situations. An older airframe probably would have disintegrated under the same forces.
Luck and good fortune also played a huge role of course. What the pilots did was unconscionably neglectful. CFIT is often (usually?) fatal for all passengers.
*EDIT: It's similar to software that's written to be extremely robust that encounters an unexpected error (or set of errors). The software wasn't necessarily designed to handle it, but sometimes it can nonetheless.
That isn't really something engineers can design to. What happens is the aerodynamics group calculates the maximum loads on the airplane. This is increased by 50% and called the "ultimate load", and the parts are all designed to not break up to that load.
Parts stronger than that are overweight, and weight is the enemy of all airplanes.
After parts are designed, they go through an independent "stress" group which verifies that the parts meet the strength requirements.
I think what he is referring to is the modern use of composites and carbon fiber which are both stronger and lighter than older aluminum or titanium components. Titanium, for example, is a very hard metal that will fracture more readily than a softer composite that is able to dissipate the stress better.
Boeing probably doesn’t have the ability to ground their fleet with legal force, but if they said, “these planes aren’t safe, don’t fly them until we can investigate and fix,” most airlines would listen and I don’t think the FAA could somehow block this.
If that quote is so[x], that casts a very deep shadow over the FAA. They've gone from handing off their responsibility for validation to outright rejecting the safety advice of the maker of the aircraft.
[x] and I don't mean that to doubt you but I hope you understand I can't be absolute on this without verification
Keep in mind I don’t know exactly how those conversations went between Boeing and the FAA, nor do I know exactly who my dad was referring to when he said Boeing (the head of engineering? head of safety? A group of people inside Boeing? Was Boeing unified in its opinion or was this concentrated in the area of engineering my father worked in?) Grounding an entire class of plane is not a decision made lightly because of the huge financial and political implications. My takeaway is Boeing leaned towards grounding and the FAA did not and on balance the plane stayed in the air while Boeing worked on the fixes.*
*EDIT: This is probably a conversation that happens after every crash/major-incident and hindsight is 20/20.
>how many of our systems that we rely on, from bridges to traffic lights, are just actually very insecure but either nobody notices or nobody exploits them
I write software that is critical for public safety customers (think police/firefighters). Maybe this is just my perspective having left a defense company, but it is terribly insecure. The "secure" version of our product was obviously an afterthought, it was poorly executed and I don't think it's even used widely. And my company dominates this market, so the attack surface is huge.
How likely do you think it is that a company that manufactures traffic lights and incidentally builds the software to control them would cough up 40+/hr to have someone independent come in and vet the software that was written for 12/hr and seems to work just fine?
Part of this is just a poor understanding and pricing for software consultancy - along with some absolutely terrible actors in the HPC realm. Ideally your HPC will come in and spend a fraction of the time vetting software that the dev team built, but occasionally you get a fraud who works 8/5 for a month at 120/hr and delivers nothing but vapor in the end.
Maybe some security consultant industry group could set up a certification program, though all the times in memory I've seen software related certification it's been