Weaknesses in 802.11p vehicular wireless networks could make them targets for terrorists seeking to wreak havoc on the nation’s highways, according to a briefing scheduled this week at the Black Hat DC conference.
The technology, commonly used for electronic toll collection, will someday be used for controlling traffic flow and warning drivers of highway dangers – a system that could be exploited if not implemented properly, says Rob Havelt, director of penetration testing at security vendor Trustwave’s SpiderLabs, who will co-present a briefing called “Hacking the Fast Lane: Security Issues with 802.11p, DSRC and WAVE”.
“It would make killing a lot of people easy,” he says of 802.11p systems for traffic control that aren’t designed and deployed with an eye toward security. The standard itself is secure, he says, but systems using it are complex and that can lead to insecurity.
For instance, one role of these systems is to warn drivers of potential hazards in the road ahead. If the system is hacked and this information is false, that could lead to drivers reacting in dangerous ways that could cause pileups and traffic jams, he says.
“Designers need to pay attention to secure architecture for the whole network,” including firewall controls and access controls. “Typically with perceived closed systems, proper security architecture tends to go out the window.”
802.11p is a standard that governs how wireless 5.9G Hz communications should work among moving vehicles and to moving vehicles. Public safety uses include collision avoidance by warning drivers that a vehicle ahead has braked hard for some reason, how far ahead that vehicle is and what lane it’s in, giving following drivers time to get out of the way.
The system could also control traffic flow, directing vehicles around known congestion to alternate routes. Proprietary implementations of this wireless technology are already used in toll collection, with cars being fitted with transponders (onboard units or OBUs) that communicate with stationary units at toll booths (roadside units or RSUs) that tell backend systems to tap bank accounts or credit cards for appropriate tolls.
Researchers have already shown how to build equipment that can imitate RSUs, Havelt says. “It’s relatively easy to do.” So locking down access is important, he says, making sure encryption keys that secure the traffic are stored safely, for example. “You would have to take care to guard the physical access to the RSUs,” he says. Digital certificates would also have to be protected. If hackers gain control to the RSUs, they could be tricked into believing traffic is heavier or lighter than it really is and to open or close lanes inappropriately. The system could be shut down entirely via denial of service that would render the collision avoidance system useless, he says. Man in the middle attacks could steal private data from OBUs as it is sent to RSUs to pay tolls, he says. “The implementation could be the downfall here,” he says. So far there haven’t been real-world exploitations of these systems. “This is mostly academic at the moment,” Havelt says.