The Daily Caller logo
Tech

Connected Cars Can Lie, Posing A New Threat To Smart Cities

A self-driving car is tested by German company Continental on the A2 motorway in Hanover, Germany April 25, 2018. REUTERS/Fabian Bimmer

REUTERS/Fabian Bimmer

The Conversation Contributor
Font Size:

Qi Alfred Chen, University of Michigan and Z. Morley Mao, University of Michigan

The day when cars can talk to each other – and to traffic lights, stop signs, guardrails and even pavement markings – is rapidly approaching. Driven by the promise of reducing traffic congestion and avoiding crashes, these systems are already rolling out on roads around the U.S.

For instance, the Intelligent Traffic Signal System, developed with support from the U.S. Department of Transportation, has been tested on public roads in Arizona and California and is being installed more widely in New York City and Tampa, Florida. It allows vehicles to share their real-time location and speed with traffic lights, which can be used to effectively optimize the traffic timing in coordination with the real-time traffic demand to dramatically reduce vehicle waiting time in an intersection.

Our work, from the RobustNet Research Group and the Michigan Traffic Laboratory at the University of Michigan, focuses on making sure these next-generation transportation systems are secure and protected from attacks. So far we’ve found they are in fact relatively easy to trick. Just one car that’s transmitting fake data can cause enormous traffic jams, and several attack cars could work together to shut down whole areas. What’s particularly concerning is that our research has found the weakness is not in the underlying communication technology, but in the algorithms actually used to manage the traffic flow.

Misleading an algorithm

In general, algorithms are meant to take in a variety of inputs – such as how many cars are in various locations around an intersection – and calculate an output that meets a particular goal – such as minimizing their collective delay at traffic lights. Like most algorithms, the traffic control algorithm in Intelligent Traffic Signal System – nicknamed “I-SIG” – assumes the inputs it’s getting are honest. That’s not a safe assumption.

The hardware and software in modern cars can be modified, either physically through the car’s diagnostic ports or over wireless connections, to instruct a car to transmit false information. Someone who wanted to compromise the I-SIG system could hack her own car using such methods, drive to a target intersection and park nearby.

Once parked near the intersection, we’ve found that the attacker could take advantage of two weaknesses in the algorithm controlling the light to extend the time a particular lane of traffic gets a green light – and, similarly, the time other lanes get red lights.

The first vulnerability we found, which we call “last vehicle advantage,” is a way of extending the length of a green-light signal. The algorithm keeps an eye on approaching cars, estimates how long the line of cars is and determines how long it thinks it will take for all the vehicles in a line of traffic to get through the intersection. This logic helps the system serve as many vehicles as possible in each round of light changes, but it can be abused. An attacker can instruct her car to falsely report joining the line of cars very late. The algorithm will then hold the attacked light green long enough for this nonexistent car to pass, leading to a green light – and correspondingly, red lights for other lanes – that is much longer than needed for the actual cars on the road.

We called the second weakness we found the “curse of the transition period,” or the “ghost vehicle attack.” The I-SIG algorithm is built to accommodate the fact that not all vehicles can communicate yet. It uses the driving patterns and information of newer, connected cars to infer the real-time location and speed of older, noncommunicating vehicles. Therefore, if a connected car reports that it is stopped a long distance back from an intersection, the algorithm will assume there is a long line of older vehicles queuing ahead of it. Then the system would allocate a long green light for that lane because of the long queue it thinks is there, but really isn’t.

These attacks happen by making a device lie about its own position and speed. That’s very different from known cyberattack methods, like injecting messages into unencrypted communications or having an unauthorized user logging in with a privileged account. Therefore, known protections against those attacks can do nothing about a lying device.

Results from a misinformed algorithm

Using either of these attacks, or both in concert with each other, can allow an attacker to give long periods of green lights to lanes with little or no traffic and longer red lights to the busiest lanes. That causes backups that grow and grow, ultimately building into massive traffic jams.

A congestion attack on a traffic signal control system.

This sort of attack on traffic lights could be just for fun or for the attacker’s own benefit. Imagine, for example, a person who wants to have a faster commute adjusting his own traffic-light timing, at the expense of other drivers’ delays. Criminals, too, might seek to attack traffic lights to ease their getaways from crime scenes or pursuing police cars.

There are even political or financial dangers: A coordinated group could shut down several key intersections in a city and demand a ransom payment. It’s much more disruptive, and easier to get away with, than other ways of blocking intersections, like parking a car across traffic.

Because this type of attack exploits the smart traffic control algorithm itself, fixing it requires joint efforts from both transportation and cybersecurity fields. This includes taking into account one of the broadest lessons of our work: The sensors underlying interactive systems – such as the vehicles in the I-SIG system – aren’t inherently trustworthy. Before engaging in calculations, algorithms should attempt to validate the data they’re using. For example, a traffic-control system could use other sensors – like in-road sensors already in use across the nation – to double-check how many cars are really there.

This is just the beginning of our research into new types of security problems in the smart transportation systems of the future, which we hope will both discover weaknesses and identify ways to protect the roads and the drivers on them.

Qi Alfred Chen, Ph.D. Candidate in Computer Science and Engineering, University of Michigan and Z. Morley Mao, Professor of Electrical Engineering and Computer Science, University of Michigan

This article was originally published on The Conversation. Read the original article.

PREMIUM ARTICLE: Subscribe To Keep Reading
Sign up

By subscribing you agree to our Terms of Use

 You're signed up!

Sign up

By subscribing you agree to our Terms of Use

 You're signed up!
Sign up

By subscribing you agree to our Terms of Use

 You're signed up!

Sign up

By subscribing you agree to our Terms of Use

You're signed up!
Sign up

By subscribing you agree to our Terms of Use

 You're signed up!

Sign Up

By subscribing you agree to our Terms of Use

 You're signed up!
Sign up

By subscribing you agree to our Terms of Use

 You're signed up!
Sign up

By subscribing you agree to our Terms of Use

You're signed up!
BENEFITS READERS PASS PATRIOTS FOUNDERS
Daily and Breaking Newsletters
Daily Caller Shows
Ad Free Experience
Exclusive Articles
Custom Newsletters
Editor Daily Rundown
Behind The Scenes Coverage
Award Winning Documentaries
Patriot War Room
Patriot Live Chat
Exclusive Events
Gold Membership Card
Tucker Mug

What does Founders Club include?

Tucker Mug and Membership Card
Founders

Readers,

Instead of sucking up to the political and corporate powers that dominate America, The Daily Caller is fighting for you — our readers. We humbly ask you to consider joining us in this fight.

Now that millions of readers are rejecting the increasingly biased and even corrupt corporate media and joining us daily, there are powerful forces lined up to stop us: the old guard of the news media hopes to marginalize us; the big corporate ad agencies want to deprive us of revenue and put us out of business; senators threaten to have our reporters arrested for asking simple questions; the big tech platforms want to limit our ability to communicate with you; and the political party establishments feel threatened by our independence.

We don't complain -- we can't stand complainers -- but we do call it how we see it. We have a fight on our hands, and it's intense. We need your help to smash through the big tech, big media and big government blockade.

We're the insurgent outsiders for a reason: our deep-dive investigations hold the powerful to account. Our original videos undermine their narratives on a daily basis. Even our insistence on having fun infuriates them -- because we won’t bend the knee to political correctness.

One reason we stand apart is because we are not afraid to say we love America. We love her with every fiber of our being, and we think she's worth saving from today’s craziness.

Help us save her.

A second reason we stand out is the sheer number of honest responsible reporters we have helped train. We have trained so many solid reporters that they now hold prominent positions at publications across the political spectrum. Hear a rare reasonable voice at a place like CNN? There’s a good chance they were trained at Daily Caller. Same goes for the numerous Daily Caller alumni dominating the news coverage at outlets such as Fox News, Newsmax, Daily Wire and many others.

Simply put, America needs solid reporters fighting to tell the truth or we will never have honest elections or a fair system. We are working tirelessly to make that happen and we are making a difference.

Since 2010, The Daily Caller has grown immensely. We're in the halls of Congress. We're in the Oval Office. And we're in up to 20 million homes every single month. That's 20 million Americans like you who are impossible to ignore.

We can overcome the forces lined up against all of us. This is an important mission but we can’t do it unless you — the everyday Americans forgotten by the establishment — have our back.

Please consider becoming a Daily Caller Patriot today, and help us keep doing work that holds politicians, corporations and other leaders accountable. Help us thumb our noses at political correctness. Help us train a new generation of news reporters who will actually tell the truth. And help us remind Americans everywhere that there are millions of us who remain clear-eyed about our country's greatness.

In return for membership, Daily Caller Patriots will be able to read The Daily Caller without any of the ads that we have long used to support our mission. We know the ads drive you crazy. They drive us crazy too. But we need revenue to keep the fight going. If you join us, we will cut out the ads for you and put every Lincoln-headed cent we earn into amplifying our voice, training even more solid reporters, and giving you the ad-free experience and lightning fast website you deserve.

Patriots will also be eligible for Patriots Only content, newsletters, chats and live events with our reporters and editors. It's simple: welcome us into your lives, and we'll welcome you into ours.

We can save America together.

Become a Daily Caller Patriot today.

Signature

Neil Patel