I've seen something like this take place right in front of me. The light I guess was on a magnetic signal and not a regular cycle. The car ahead of me inched too far ahead of the magnet strip, I was too far from it. I had nothing to do that day and was curious how this would play out so I just sat there and gave them sufficient room to back up if they realized it. We must have waited a good 5 minutes with cars piling up behind us before that first car backed up, triggered the light in 20 seconds, then off we all went. There's plenty of social engineering potential out there to cause a lot of confusion, consternation, even chaos, but seems like the sort of hacker that would get their kicks off that is an extremely rare breed, or these sorts of things would be happening all the time for all sorts of parts of our life.
I used to bicycle along a route where there was a left turn like this, the light wouldn't detect my bicycle. If I sat in the left turn lane on my bike (like I'm supposed to if I'm turning left) and the car behind me stopped a reasonable distance from me the light would never change. This is a street that terminates into the cross street, so there's no one across from us to trigger it, no one going straight to trigger it, and right turners would clear out too fast to trigger it. If I was malicious I could easily have grown a pretty absurd line of cars and buses behind me.
I no longer bike through that intersection (because I don't need to very often, and because I found some nice side streets that happen to take me around it), but I doubt it's changed in the years since.
It's also usually possible to trigger the green light by using the button that is at the crosswalk (inteded to be used by pedestrians when they need to cross).
You can attach a small permanent magnet somewhere on your bike's frame and it will trigger the ground loops. They're a common add-on for motorcycles, too.
I found steel rims to almost always work as long as you put it right over the middle line. In CA they often paint a little bike where you need to put it.
Is there a way to visually tell what kind of sensor loop you're dealing with?
I can verify that a magnet makes the difference for my steel-framed e-bike, but really there's only half a dozen lights in town (Gilroy, CA) that I frequently use.
> and even if nothing triggers it they change once every few minutes anyway
This isn't 100% true. There are many small, rarely traveled, residential streets (i.e. only the people who live on the small street come/go from there) that feed into high traffic, multi-lane arteries.
Parent comment's scenario is pretty common due to detection based switching. 99.99% of the time this is desirable because it keeps the artery flowing.
If there's a crosswalk button across the artery, you'll many times find a person running out of their car to hit that to force the light change.
Are these traffic signals all programmed with controls unique to each intersection?!
Certainly many places have signals that are coordinated for several blocks, but in my experience, more often than not, intersections appear be controlled by local sensors.
Agreed, generally only in metro areas with the few miles leading in/out do you find coordinated traffic systems. Vast majority of road length is in suburbs where local sensors dominate.
Had a few friends who went to civil eng and two eventually joined city planning. Was fun to discuss their problems. Lack of funding really was the common thread. It's always lack of money.
ADS-B (so-called “secondary radar”) (actually aircraft telemetry) is broadcast with no encryption or authentication of any kind. Anyone can get on 1090MHz and transmit any packets they like (until the FCC and FAA and FBI arrive). You could make a hundred ghost planes appear traveling perpendicular to the runways of a major airport at 200 feet AGL.
This is one of these systems where you need somebody at the location you want to hack, and that makes things a lot harder from an opsec / legal perspective.
It is pretty trivial to detect where a malicious radio signal is coming from. Combine that with the requirement that it must come from the country being hacked, where police is presumably easy to deploy, and you get an almost-unhackable system in practice, despite many theoretical security flaws.
Compare that to the internet, where detecting the true origin of traffic (assuming the attackers are using VPNs and/or TOR) is very difficult, and even if you do so, you still have to convince some foreign law enforcement agency to prosecute. This is non-trivial with unfriendly countries like Russia, and actually impossible if the attacker is the nation-state itself.
Does anyone else not take advantage of magnetic loops to get an advanced left turn?
The traffic signals in my area are often setup to give advance green if there are two or more cars stopped. Every so often, I’ll stop short a car length from the stop line.
Not recently but I recall an intersection where I used to let my car roll back down the hill a bit in neutral if no one was behind me to quickly trigger the light. I didn't understand the mechanism at the time, just that I could reliably get the trigger doing this.
> potential out there to cause a lot of confusion, consternation, even chaos, but seems like the sort of hacker that would get their kicks off that is an extremely rare breed
Definitely not a rare breed. They're just busy elsewhere
They're supposed to be tuned but often aren't, as many motorcyclists can attest to
Further the muni often lacks resources to fix this in a timely manner after reporting. In some cases you see states effectively throw up their hands and say "if it doesn't detect you can just run the red"
Good luck with that on a bicycle with carbon frame, rims and other components. Some bikes haven't that much metal anymore, with even cranks, pedals, levers and derailleurs being made partly of composite materials.
The cited research exploring potential weaknesses in the Vehicle-to-Infrastructure standards seems worthwhile, in part because the primary entities (auto makers and a government agency) aren't exactly known for robustly secure early implementations of new emerging technologies.
More broadly, the area of roadway infrastructure tech brings up a pet peeve of mine. The street I live on ends in a T-intersection with a traffic light onto a main thoroughfare in our mid-sized suburb. The cross-traffic on the main thoroughfare can be quite dense but only during peak commute hours. Understandably, the wait for the green arrow to turn left onto our street is quite long after triggering the in-road sensor because it's stopping a lot of traffic which they don't want to do too frequently. Late at night the wait timer is set much shorter since there's very little oncoming traffic. However, quite consistently, there are other periods with equally little oncoming traffic, such as a couple hours every weekday mid-morning and mid-afternoon.
This leads to residents in our neighborhood waiting three or more minutes to turn left in the middle of the day when there aren't even any oncoming cars to stop, and often no cars at all on the thoroughfare within half a mile. Regularly leaving turning cars idling for so long when no other cars are even in sight is environmentally wasteful as well as super annoying. I assume a Raspberry Pi-level SBC with a camera could easily make the traffic signal efficient for cars waiting to turn left without adding any delay for oncoming traffic over the current timer system (or digging up roadway for more sensors).
In this not-uncommon scenario, the "smart light" doesn't need to even be that smart or bullet-proof since it can always fall back to the basic timer if the situation isn't clear and can be gated at the other extreme by a max frequency limit for acting. Which is why I'm puzzled I don't see any such solutions deployed anywhere. It seems like a simple way to improve worthy metrics that's easy to deploy, low cost and has no downsides.
Yes, this intersection has that. The problem is the sensor starts a timer that's set to 2 or 3 minutes for most of the day. This becomes a minimum wait time even when there are no oncoming cars for the entire wait period. At this intersection, the wastefully pointless "idle there for 3 minutes with no other cars anywhere in sight" scenario happens quite often.
There's also an even more perverse failure mode: we often end up waiting for 2.5 minutes with no other cars anywhere in sight, then when a lone car is randomly approaching the light that's been green for no cars (going its way) for 2.5 minutes, that one car gets stopped and waits as we finally get our turn arrow after 3 minutes. If the light was the least bit "smart", it would have changed for us right when we pulled up and no other cars were in sight. The turn arrow is only 10 seconds, so we would have been long gone and the intersection back to green by the time that other car was approaching - no car would have needed to wait and everyone would have been better served.
My local municipality decided that it would be more appropriate for lights to flash yellow and/or red on a couple of low-traffic intersections along major routes between 11 PM and 6 AM.
I have a few intersections near me that desperately needed to have the lights added but only for busy times of day. At night it can take 5 minutes to get through a battery of lights even with virtually no traffic.
I suspect choosing not to flash them at night is some combination of people not really familiar with that system getting potentially confused and (these are somewhat complex intersections) others just getting careless rather than carefully checking, at night, all the directions that traffic could be coming from.
That is the beauty of roundabouts, they work regardless of the time of day, and on some where there is a need for more regulation you can still add lights before the roundabout.
There's a few intersections like that here in Dublin.
But they aren't marked. So what sometimes happens is I cruise up on a bike, in the middle of the road because none of those have bike lanes.. and the bike, naturally, never triggers the lights. Neither does the car behind me.
Sorry to hear it's not only a problem here in the U.S. Ideally, our intersection wouldn't have dedicated left turn arrows at all, since it doesn't need them most of the day. The problem arises only about four hours a day. At those times the otherwise empty thoroughfare turns into a wave of cars making it impossible to enter or leave our neighborhood street by turning left because there's rarely a large enough gap in the fast-flowing traffic.
Traffic engineers probably have a term for this kind of bi-polar intersection. A solution would be some kind of "conditional left arrow" but there's no such thing (at least here in the U.S.) If there's a dedicated green arrow for left turn, then there's a modal left-turn red arrow along with it. It should be possible to improve all scenarios by standardizing something like a flashing yellow arrow to mean "okay to cross if no oncoming traffic" since this already works as the default behavior at intersections with no lights or lights with no left turn arrows.
> flashing yellow arrow to mean "okay to cross if no oncoming traffic"
That's already a thing, unless I'm misunderstanding you. We've had flashing yellow left turn arrows for years. I'm in the PNW, but I've seen it in other places in the US, we're definitely not unique.
While the potential of super-smart AI to improve transport efficiency, costs and environmental impact with self-driving is obvious, it's also expensive and still many years from being ready for broad deployment. It's puzzling that low-hanging fruit like an AI-assisted "Slightly Smarter" traffic light is ignored. It could deliver meaningful improvement today with cheap, easy to retrofit, Raspberry Pi-level tech which already works well enough for a simple, limited use case like reducing unnecessary idling at traffic lights.
For this situation, and similar ones, there are simple solutions. For example, in this situation, the timer should always be running (and resets when the light changes). When a car triggers the sensor, the light should change if the timer is > N. If the timer is not there yet, wait until timer is N.
No AI required, just basic thoughtfulness and requirements gathering.
The trouble with the street sensors is that your car has to come to a stop before it is detected. Stopping and starting cars consumes a great deal of gasoline.
Contrast it with the flow achieved when there's a traffic cop managing an intersection. It's an enormous improvement.
Don’t American cars have that thing that turns your engine off every time you stop? I can’t remember a car I’ve driven in Europe in the last 15 years that didn’t have that annoying feature.
Annoying because there are hardly any stoplights here. So it works by killing the engine for one second at the first roundabout you roll up to before you remember to hit the button that disables it for the rest of the trip.
I always thought they would work great in the states.
Shouldn't they have been pro-nuclear if they actually cared about the planet? But it seems to me they really care more about pushing their own ideology instead.
> Shouldn't they have been pro-nuclear if they actually cared about the planet?
Do you know that "they" aren't? Who is "they" even? None of this makes any sense. This is arguing against a group that is imagined to be homogeneous when that's clearly not the case.
In the South SF Bay Area, our pickup truck gets 13 mpg mixed freeway/city.
Doing 75-80 on flat land, or 65-70 over the Sierra Nevadas, it gets 24 mpg. With city traffic in other cities it gets 18 mpg.
The reason it is so bad here is that the environmental activists passed traffic quiescence laws that try to discourage people to drive by making the roads worse.
Of course, they don’t make obvious fixes to improve public transit, and the bike lane “improvements” they put in are mostly textbook “how to kill bicyclists” designs that European countries phased out decades ago.
Here are two classic favorites: concrete barriers that are too close to the curb to allow street sweeping, and adding bike lanes between parallel parking spots and the sidewalks.
They must have realized people started re-routing their trips to avoid stoplights unless they were making right turns, since they’ve also started erecting barriers or adding red arrows to make it impossible to make right turns on red.
Anyway, this wastes time, but it also costs us at least $100 a month on gasoline. Our primary car is an EV.
Anyway, around here, even a small investment in reducing idling (or just cutting funding for traffic quiescence projects) would be equivalent to increasing vehicle fuel economy by something like 20-80%.
> Anyway, around here, even a small investment in reducing idling (or just cutting funding for traffic quiescence projects) would be equivalent to increasing vehicle fuel economy by something like 20-80%.
sure, but I'd rather just lobby against cars at that point. Especially in a place like the Bay Area that should be mostly served by public transit and dense housing. Lobbying to micromanage idling just feels like a waste of effort for such a negligible benefit.
I didn’t even realize that we started rolling out intersections that talk directly to the cars nearby, and apparently only 30 minutes away from where I live.
I remember an old episode of Eureka about smart asphalt that if I remember correctly ended up causing a town wide traffic jam and then was never brought up again in subsequent episodes.
If only we could learn the pitfalls from sci-fi along with the cool ideas lol
I think a more pernicious problem would be if cars could give themselves an advantage - influencing routing algorithms, blocking cross traffic, favorable light changing, warning cars away.
There used to be a device that could mimic an emergency vehicle entering an intersection which would create a green light, and that is the kind of thing people would use, to the detriment of others.
Many of those systems have no real authentication so they are vulnerable, like the 802.11p.
Strong authentication for that kind of system is really tough because cars would be interacting at the datagram level, not have a lot of time for connection setup, probably requiring some authority like the cellular network to manage access control, etc (with the politically fraught "require a subscription" and less than 100% spatial coverage.)
If authentication is not good the killer apps to V2V may well be:
(1) Somebody lives in a residential neighborhood that they feel gets too much traffic. They set up a transmitter that makes it look like there is demolition derby going on which will presumably activate warnings and make people slow down.
(2) Same, for the driver who doesn't like being tailgated. (Now if you could only trigger an anti-collision radar.)
This is pretty much a non issue since the crime requires locality and it’s really no different from vandalizing equipment, just with much steeper consequences.
For example, sometimes kids shine laser pointers at helicopters. They get arrested for it. This crime would require a much more sophisticated attack than that which makes it a bit too difficult for a bored teen. Also the consequences aren’t disastrous enough for a terrorist.
I wish people would take into consideration the intentions of an attacker when publishing risk assessments.
As far as traffic attack vectors go, this is semi-intersting.
I like the wagon of smart phones attack[0]. Seems more fun and easy to do. I'll bet you could get all of Waymo's cars to reroute or force them to funnel into one street. THAT would be a cool show.
Connected Vehicle is a massive threat surface for terrorists or other crazy people to cause gridlock via (D)DoS or a mass casualty event. "TCAS for cars" is going to end badly is the most probable outcome without extremely careful and thoughtful design and implementation.
Especially since at least TCAS has a human in the loop (even if their action is prescribed by the system). New emergency braking regulation and the like is intended to be no human in the loop.
Last time I was looking (pre covid) it was kinda hard to find readily available hardware to talk on 5.9GHz where there V2X 802.11p works. That is probably easier now that "Wi-Fi 6" uses that same chunk of spectrum as 802.11p. I'm guessing there is now (or soon will be) a Wi-Fi 6 usb (or perhaps PCI or M2/nVME) adaptor with enough flex in it's firmware that it can be convinced to talk 802.11p. Then you'd be talking a RasPi and a WiFi adaptor to start hacking on this.
There's a SDR openWiFi project that lets you build 5.8GHz WiFi using one of a list of SDR boards - it'd probably be fairly easy to tweak that into doing 802.11p, but now you're talking many hundreds of dollars worth of hardware - a bit outside FlipperZero/RasPi+dongle pricing.
I've already seen likely malfeasance from the traffic overrides used to help emergency vehicles (in the US) control traffic lights. When the override is activated, a white light turns on near the traffic light. I've seen that go on in heavy traffic when there were no obvious emergency vehicles present.
Another time I was in heavy traffic and held up for about an hour because a parked police car had left their traffic light override turned on, causing the light not to cycle.
Protesters a few generations ago figured out that you can grab a nearby dumpster and set it on fire to cause even more disruption to an intersection. The fact that it still doesn’t happen very often demonstrates that not every threat is worth worrying about.
There is also no security around the systems that change traffic lights for emergency vehicles. In fact most of them can be defeated using a handheld flashlight. Yet we don’t see problems with that either.
The stuff you have to do in person one at a time will probably always be limited. Risk/reward just doesn't make sense.
When you can push a software payload that does the equivalent of cutting down tens of thousands of stop signs at once from an extradition-free jurisdiction, the calculus changes.
We're getting plenty of tastes of this with healthcare companies and hospitals being targeted with ransomware.
It takes a lot of time, effort, and risk to drag a dumpster into the street and set it on fire. Someone using a laptop doesn't even have to stand up to push a button that infects a car with a virus that spreads to other cars. The risk of getting caught is basically zero.
if you have a virus that infects cars and spreads to other cars you can cause a lot more targeted damage than confusing an intersection, and a lot more widespread damage than confusing many intersections
Another weakness in traffic signalling devices that is actually under active exploitation is that you can just take a vehicle and spin donuts in the middle of the intersection.
I don’t know what dumpsters you have but around here they’re on wheels and weigh about 500 pounds empty and can be rolled relatively easily with a few guys (the man who dumps them rolls the full ones into the alley to line up with the truck).
I believe that we have far too many stoplights anyway. I don't have data to support this but intuitively stop signs seem safer to me. The problem with lights is that they encourage dangerous driving behavior and increase the likelihood of high speed collisions relative to stop signs. Not only are crashes causing immense harm both to property and people, nothing messes up traffic worse than a crash. My intuition is that more stop signs relative to stop lights would lower best case arrival times but that median arrival times would be comparable (and possibly even superior) in dense environments.
Also, it's worth noting that stoplights guarantee increased car idling in many situations relative to stop signs. How many times have you been pointlessly sitting at a light when there was no cross traffic?
The situation could be further improved with low speed yield signs at visually clear crossings (in other words, you wouldn't have to stop but you would be required to slow down and would be held liable for striking another road user that entered the intersection before you). Cameras could be used to enforce this.
I don't think your intuition is correct. Traffic lights let civil engineers tune priority and allow greater throughput at an intersection.
Just like how we consume large amounts of space for interchanges on interstates instead of using traffic lights, there's a reason we don't see stop signs (at least, not often) on 45+mph roads.
On Maryland Route 216 starting at the interchange just east of US 29 and going west through Fulton to Westside Blvd, there are four round-abouts within a distance of 0.8 miles. It feels like there are more, maybe because they're so rare otherwise.
Geez. We already have traffic cams on the streetlights. Just have an AI look at them, and let it figure out how to optimize flow. Think of the bipedal robots taught to walk by AI.
And just think of all the gas saved and CO2 not emitted.
Firstly, the idea of individual human carriers in cities is flawed. It's the wrong approach to moving people in a dense area. So frankly, any insight that follows this point is ultimately pointless even if significant in context.
That said, individual human carriers in a populated area should only be controlled by a top-down system, a master-coordinator. No individual vehicle should have any freedom of choice beyond selecting a destination.
To be frank I wouldn't put it past certain groups to engage in that given the rhetoric I've seen from the terminally online taking demonization of cars way too far.
This goes with a lot of "ZOMG UR GONNA DIE" type topics that the media loves to use to scare people with. Statistically, we're almost all a bunch of future cancer and heart disease patients meaninglessly stressing out about being shot by some rando or eaten by a shark or the like, even though the likelihood of these things happening is extremely rare. Most people flat-out suck at estimating risk.
Sure.. you can solve a lot of apparent "problems" by just removing destinations, flexibility and on demand scheduling. There are a lot of people who think the latter features are worth the price.
That requires physical presence whereas these sorts of attacks can be undertaken remotely. And to actually use that as an attack, as the article points out, you need to do it to a lot of intersections which is hard to scale when you need to actually be physically present.
Plus, what happens if there are flaws in the control system that you can exploit via those kind of attack via a car. Like turning all the lights green at the same time.
The attack shown here requires a transmitting device to be physically present at the intersection, and the impact it was able to have on the system was “to increase the total delay by as high as 68.1%”
This isn’t a vector for a mass hack of traffic lights with enormous safety consequences like in the Italian Job. It’s just a mechanism by which a malicious user can degrade public infrastructure.
There are lots of ways in which malicious users can degrade public infrastructure. Usually though people don’t. When people do we have laws to prosecute them with.
This is a little trickier because if you just park your car in the middle of an intersection, it's obvious who is the problem (it's you, or at least the car even if it can't be traced back to you). If the problem can be anybody with a few dollars' worth of electronics within 100ft of an intersection, then it isn't so obvious. Now we need FCC party vans, or at least the cops need another doohickey now.
> Right. And you think people will plant electronic doohickeys at junctions in order to make them 60% less efficient?
I think they'll compromise the gas station chain's IOT devices.
Similar to when the POS devices for Target were attacked in 2013. They didn't have to have someone taking the in-person risk of going up to each device in person; they hacked a small HVAC company in PA that had "remote access to Target’s network for electronic billing, contract
submission, and project management purposes". https://www.commerce.senate.gov/services/files/24d3c229-4f2f...
It's not always about money. Sometimes there's a larger goal of just being disruptive.
Imagine gridlock traffic on an election day. Imagine that traffic being mainly focused on voting districts that are likely to vote for a specific candidate.
> a transmitting device to be physically present at the intersection
Drones exist. If I slap one of these on the side of an autonomous taxi cab.. how long until they notice? That's a huge fleet ripe for abuse in this way.
> When people do we have laws to prosecute them with.
This does not relieve the government from responsibly using our tax dollars when creating and delivering these implementations. Papering over real consequences with an after the fact jurisprudence is immensely irresponsible.
Please explain the motivation and logistics behind your diabolical supervillain scheme that involves deploying a fleet of robotaxis to disrupt the traffic light cycles across the city and reduce the efficiency gain of a few junctions versus an optimized light cycle by a little over 60%, and then perhaps I will understand why you think the government should spend a single cent mitigating that threat.
Motivation: I want to hurt, annoy and disrupt the lives on Americans, even in seemingly insignificant ways. My purpose is to cause chaos.
Logistics: I am financed by a nation/state unfriendly with the US.
You could say that no nation state would shell out the money for something like this, but as long as it's relatively cheap (<$100k) and causes disruptive chaos, there will always be buyers for this kind of capability.
You don't have to physically be there even today to shut down an intersection. Just drop the intersection you'd like to shut down into some form of social media followed by these car sideshow people, tell them everyone will be there, they show up and what do you know everyone you've told is there, besides you of course, tearing up their tires and creating congestion for probably dozens of blocks nearby this intersection where nothing is moving at all except these fast n furious wannabes. Not to mention the cost to the public of rousing cops and potentially helicopters to deal with this. Much more effective and costly to the public than this strategy that only results in a bit more traffic than usual, and can be done today. Maybe its already being done.
Having spoken to a friend who does traffic for a city, traffic light controllers are generally (always?) hard-wired to prevent an all green-type situation, but they have other weaknesses which I won’t go into.
All the stuff is super physically unsecured too. You see people routinely popping the plate off telephone poles and illegally tapping into the powerlines. If someone knew what they were doing they could probably hook into the lines that control signal timing and do whatever. Throw on a high vis vest and people will think you are supposed to be doing whatever you are doing.
I did work on those for a while many years ago. I don't know if things have changed but many signal controllers had the ability to disable the conflict monitor without going into flash which could be helpful when working on them, but could certainly be abused.
And yeah. cabinets are often left unlocked.
I don't know whether you meant the submitted title ("A malicious vehicle can block "smart" intersections in the USA") or the current title ("One malicious car could trick smart traffic control systems in the US"), which was my attempt at shortening the article's own title* to fit HN's 80 char limit.
In any case the GP comment (https://news.ycombinator.com/item?id=40359800) broke the site guidelines either way; we're trying to avoid shallow internet dismissals here. They're not only uninteresting in themselves, they influence threads to become less interesting.
