Endpoint Security , Internet of Things Security

Full Stop: Vulnerabilities in IoT Traffic Light Systems

Researcher Rik van Duijn of Zolder Offers Advice to IoT Application Developers
Rik van Duijn, co-founder, Zolder

What if you could ride a bike up to a traffic light and have it turn green? That's already possible in some cities in the Netherlands that have installed IoT traffic lights.

See Also: Rapid Digitization and Risk: A Roundtable Preview

But security researchers have already uncovered problems. The traffic lights interact with an app on a rider's phone. During a recent presentation at the Def Con security conference, researchers with the security firm Zolder showed how they could remotely trigger the lights without being near one.

Rik van Duijn, co-founder of Zolder, says his team, which included Wesley Neelen, reverse engineered applications that developers are making that are compatible with the traffic lights. It was trial and error, but they eventually figured out how to replicate sending the correct commands from afar.

"There's no real authentication on who or where you are," van Duijn says. "The service relies on the input you give, and that's actually the reason this whole research project started."

In this video interview, van Duijn discusses:

  • Why the IoT traffic lights were vulnerable to manipulation;
  • What the findings mean for developers of critical infrastructure projects.
  • Recommendations for developers working on IoT public infrastructure.

van Duijn is co-founder of Zolder, a security firm launched in March that's based in Noordhoek, Netherlands. Before that, he was a security researcher and pentester for KPN and also an ethical hacker and pentester with DearBytes B.V.


About the Author

Jeremy Kirk

Jeremy Kirk

Managing Editor, Security and Technology, ISMG

Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.