Full Stop: Vulnerabilities in IoT Traffic Light Systems
Researcher Rik van Duijn of Zolder Offers Advice to IoT Application Developers
What if you could ride a bike up to a traffic light and have it turn green? That’s already possible in some cities in the Netherlands that have installed IoT traffic lights.
But security researchers have already uncovered problems. The traffic lights interact with an app on a rider’s phone. During a recent presentation at the Def Con security conference, researchers with the security firm Zolder showed how they could remotely trigger the lights without being near one.
Rik van Duijn, co-founder of Zolder, says his team, which included Wesley Neelen, reverse engineered applications that developers are building to work with the traffic lights. It took trial and error, but they eventually figured out how to replicate the correct commands and send them from afar.
“There’s no real authentication on who or where you are,” van Duijn says. “The service relies on the input you give, and that’s actually the reason this whole research project started.”
In this video interview, van Duijn discusses:
- Why the IoT traffic lights were vulnerable to manipulation;
- What the findings mean for developers of critical infrastructure projects;
- Recommendations for developers working on IoT public infrastructure.
Van Duijn is co-founder of Zolder, a security firm launched in March that's based in Noordhoek, Netherlands. Before that, he was a security researcher and pentester for KPN and also an ethical hacker and pentester with DearBytes B.V.