"The Michigan road agency's devices were all on the same network using commercially available radios. The protocol they used to communicate was proprietary but similar to the Wi-Fi we use in our homes. The connections were unencrypted, and the devices used factory-default usernames and passwords. Using one of the radios — which it assumed an able hacker could obtain with a bit of subterfuge — the Michigan team got onto the network and gained access to the controller. It was able to slow down or speed up light changes, freeze the state of the intersection indefinitely, and even turn the lights green along the route of a hypothetical getaway car. The malfunction-management units prevented it from turning on four conflicting green lights, but the team could send all the lights on the network into blinking-yellow mode, which could only be exited manually by workers at every intersection."
Continue Reading »