In the Netherlands, a serious vulnerability has been discovered in the traffic light management system, allowing attackers to remotely control signals at thousands of intersections across the country. This revelation has raised significant concerns among authorities.
Alvin Peppels, a 29-year-old ethical hacker, uncovered a critical flaw in the short-wave radio communications system (KAR) that has been in use to manage traffic lights since 2005. Using a homemade device, Peppels demonstrated the ability to change signals to green or red from several kilometers away.
Originally designed to prioritize emergency services and public transport, the KAR system is now at risk of being manipulated to create traffic chaos or disrupt essential services. Researcher Dav Maaband highlighted the shift from what were once considered fictional threats to real vulnerabilities in today’s society. Of particular concern is the ability for an attack to occur without the attacker needing to be physically near the traffic light.
The Ministry of Infrastructure and Water Management in the Netherlands has acknowledged the severity of the issue. The proposed solution is to replace the outdated traffic lights with modern systems, but this process is expected to take several years and may not be completed before 2030.
A plan is already in place to address the problem. The new technology, known as Talking Traffic, utilizes a mobile internet connection instead of radio signals. However, Peppels has cautioned that a centralized system like Talking Traffic could introduce new vulnerabilities, potentially allowing attackers to control roads on a much larger scale.
In addition to causing chaos at intersections, this vulnerability could also be exploited for more serious criminal activities. The National Cybersecurity Center of the Netherlands (NCSC) has emphasized that hacking traffic lights is a criminal offense that poses a threat to the safety of hundreds, if not thousands, of individuals.
This discovery has broader implications for the protection of critical infrastructure in the digital age. Maaband highlighted that many systems were created in a less hostile digital environment and are now facing vulnerabilities, especially during times of heightened geopolitical tensions.