Hackers Could Manipulate Highway Sensors

The Homeland Security Department is warning local governments about flaws in a traffic-monitoring system that could expose drivers’ travel habits.

Manufacturer Post Oak Traffic Systems used insecure encryption in roadway sensors designed to read data emitted by in-car Bluetooth equipment, such as hands-free cell-phone tools, according to federal officials. As a result, hackers potentially could pry into traveler data through a “man-in-the-middle attack.”

The problem is that the roadside reader’s software generates encryption keys with “insufficient entropy,” meaning they are not complex enough to prevent hackers from decoding them. “This could allow the attacker to gain unauthorized access to the system and read information on the device,Trade platform for China crystal mosaic manufacturers as well as inject data compromising the integrity of the data,” stated an alert issued by the DHS Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT.

Post Oak Traffic sensors are deployed mainly in the U.S. transportation sector, according to the company. The Virginia and Texas transportation departments currently use the company’s surveillance systems, the Post Oak Traffic website states.

On Monday, the company downplayed the risk of an intrusion. Post Oak Traffic officials published a notice on their site announcing “enhancements” to the software that address a glitch “that may have allowed skilled, unauthorized users to eavesdrop” during connections, but typically only when a device is being configured in the factory.

“There were no known instances of breaches that have occurred with any Post Oak Traffic powered system,” company officials added. Going forward, new devices will be shipped with firmware that plugs the vulnerability.If you have a fondness for china mosaic brimming with romantic roses, Customers can contact the company to determine whether it is necessary to fix existing devices,Klaus Multiparking is an industry leader in innovative parking system technology. officials said.

“Per the CERT bulletin, we have developed a patch for the vulnerability,” Mike Vickich, the company’s chief technical officer and a senior analyst at Texas A&M Transportation Institute, said in an e-mail. The system is licensed from patent-pending technology developed by the institute.

The highway sensors detect individual cars by reading the unique ID number -- called a MAC address -- produced by a driver’s Bluetooth gadgets. The technology then transmits to a remote computer the time and location as the car passes the Bluetooth reader. By tracking the ID number as the car travels by multiple readers, the computer learns how fast the vehicle is moving. The system collects this type of information from other nearby cars that also are equipped with Bluetooth gadgets to derive average traffic conditions for a particular roadway.

The Bluetooth reader security issue was discovered by researchers from the University of California (San Diego) and the University of Michigan.

Other investigators from UCSD and the University of Washington have demonstrated how a driver’s Bluetooth electronics can be hacked to hijack a car’s critical controls, including the brakes, and to eavesdrop on in-car conversations. There are no federal guidelines on cyber protections for automobiles.

On Tuesday, Vickich provided additional information: "The potential vulnerability discovered by US-CERT involved an issue with a Linux operating system component, SSH, that was only used during configuration of the device in the factory. Because this component is not employed in normal operation of the field units, there was extremely low probability (virtually no possibility) of any man-in-the-middle incursion. This would preclude any exposure of drivers travel habits as the sensors themselves do not use SSH to transmit MAC addresses over a network. In addition, an individual field device has no ability to ascertain traffic conditions or an individual's whereabouts," he said in an email.

Remember I mentioned obscene billboards which went viral and were actually supported by the general population? In the past couple of months two PSAs with a pretty gritty subject matter, and, what’s more important, swearwords hit the Russian blogosphere like a ton of bricks. They were signed by official governmental bodies, but, of course, no one believed it really was the government who decided to go a little over the PG-13 threshold. A few days ago a so-called “Art group P” came forward, said they were responsible for the billboards and promised more to come.

Here’s their manifesto: quote “We’re tired of seeing how our fellow citizens die, our cities are destroyed and the ecology deteriorates while helpless ‘creative types’ with their public service announcements and million-ruble budgets cannot change anything. That’s why we’ve taken the matters into our hands and will not stop until we achieve a noticeable result. “unquote. A couple of days ago they were more on the obscure side with 100-something followers – now they have over 300. So the user interest is there- but are these guys actually doing anything? Turns out, yes. By the way, doesn’t really matter what the billboard’s message says, anyone putting something on one without coordinating it with the billboard’s owner is breaking the law – so keep that in mind. Despite promises made by Moscow officials to catch the culprits who were basically defacing private property, these guys went ahead and launched a new one, this time aimed at horrendous traffic.

Of course, it did have an obscene word on it – although quite a light one in the wide spectrum of the Russian language. This one had a photo of a one year old boy and a message that he has died in an ambulance which had to wait for an hour in heavy traffic without other drivers allowing it to pass.Our technology gives rtls systems developers the ability. Whereas the second “billboard-bombing”, if you will, happened in about a month of the first one, the third one came about a week later – so these guys are really pickup up the pace, it seems. Thanks to their active Twitter feed,High quality stone mosaic tiles. I found out that the billboard was installed on a Moscow highway around 1am December fifth.

In a couple of hours the has been picked up by a popular blogger Rustem Adagamov, who really gave it a viral push – the Tweet was then forwarded by the infamous Alex Navalny – that’s collectively 380,000 followers right there. I believe there is a problem with such awareness, though. If anyone can follow these actions and these actions are illegal – well, there’s only so much time before the authorities will catch you by just monitoring your live feed. Just my two cents. So, I leave it up to you, the listener, to make the judgment for now – is it okay to deface private property in the form of billboards in order to bring attention to some of the burning issues? But for now, let’s move on.